Altair Technologies - Firegen report generated on 4/26/2017 10:12:20 AM

| Info | Value |
|---|---|
| Analysis profile | Analysis profile Cisco ASA |
| Analyzed log(s) | E:\Logs\Cisco ASA\syslog-2015-04-06.log (134.00 MB) |
| Firewall type | Cisco Pix/ASA |
| Analysis interval | All entries in the specified log |

Firewalls

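| No | Firewall | Connections | Traffic (MB) | Denials | Warnings | URLs | Info | IDS | ACL | Unknown |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | 10.12.0.1 | 148,796 | 22,208.46 | 28,354 | 1,924 | 00 | 00 | 00 | 00 | 00 |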

Firewall: 10.12.0.1

Anomaly report

Based on the analysis of 1 historical record, this set of data appears to be within the normal values.

Please note that the anomaly prediction algorithm only describes the commonality of the current statistics when compared with the previous analysis results. There might be specific issues that are not part of the analysis and that can still indicate a potential problem.

Severity Levels

| Level | Severity | Description | Count |
|---|---|---|---|
| 0 | Emergency | Immediate danger | 00 |
| 1 | Alert | Immediate action needed | 00 |
| 2 | Critical | Critical condition | 09 |
| 3 | Error | Error condition | 115 |
| 4 | Warning | Warning condition | 5,503 |
| 5 | Notification | Normal but significant condition | 782 |
| 6 | Informational | Informational message only | 657,419 |

Message types

| No | Code | Message sample | Count |
|---|---|---|---|
| 1 | 2-106001 | Inbound TCP connection denied from 10.12.0.16/445 to 10.12.0.224/50641 flags ACK on interface inside | 09 |
| 2 | 3-313001 | Denied ICMP type=3, code=3 from 188.135.179.205 on interface outside | 37 |
| 3 | 3-710003 | TCP access denied by ACL from 128.232.110.29/12345 to outside:24.106.197.130/80 | 75 |
| 4 | 3-713122 | IP = 216.228.167.50, Keep-alives configured on but peer does not support keep-alives (type = None) | 01 |
| 5 | 3-717009 | Certificate validation failed. No suitable trustpoints found to validate certificate serial number: 250CE8E030612E9F2B89F7054D7CF8FD, subject name: cn=VeriSign Class 3 Public Primary Certification Authority - G5,ou=(c) 2006 VeriSign\, Inc. - For authorized use only,ou=VeriSign Trust Network,o=VeriSign\, Inc.,c=US, issuer name: ou=Class 3 Public Primary Certification Authority,o=VeriSign\, Inc.,c=US . | 01 |
| 6 | 3-752006 | Tunnel Manager failed to dispatch a KEY_ACQUIRE message. Probable mis-configuration of the crypto map or tunnel-group. Map Tag = Unknown. Map Sequence Number = 0. | 01 |
| 7 | 4-106023 | Deny tcp src outside:186.178.1.100/6000 dst inside:10.12.0.12/1433 by access-group "acl_out" [0x0, 0x0] | 5,189 |
| 8 | 4-113019 | Group = 216.228.167.50, Username = 216.228.167.50, IP = 216.228.167.50, Session disconnected. Session Type: LAN-to-LAN, Duration: 0h:30m:30s, Bytes xmt: 0, Bytes rcv: 0, Reason: Idle Timeout | 35 |
| 9 | 4-313005 | No matching connection for ICMP error message: icmp src outside:114.142.239.252 dst dmz:24.106.197.136 (type 3, code 3) on outside interface. Original IP payload: udp src 24.106.197.136/62556 dst 114.142.239.252/53. | 266 |
| 10 | 4-500004 | Invalid transport field for protocol=TCP, from 107.154.64.10/0 to 24.106.197.130/8635 | 01 |
| 11 | 4-733100 | [ Scanning] drop rate-1 exceeded. Current burst rate is 10 per second, max configured rate is 10; Current average rate is 2 per second, max configured rate is 5; Cumulative total count is 1622 | 12 |
| 12 | 5-111007 | Begin configuration: console reading from terminal | 03 |
| 13 | 5-111008 | User 'mtyson' executed the 'perfmon interval 10' command. | 05 |
| 14 | 5-111010 | User 'mtyson', running 'CLI' from IP 0.0.0.0, executed 'dir disk0:/dap.xml' | 01 |
| 15 | 5-713041 | Group = 152.46.8.43, IP = 152.46.8.43, IKE Initiator: Rekeying Phase 2, Intf outside, IKE Peer 152.46.8.43 local Proxy Address 10.12.0.0, remote Proxy Address 192.168.109.0, Crypto map (outside_map) | 09 |
| 16 | 5-713049 | Group = 216.228.167.50, IP = 216.228.167.50, Security negotiation complete for LAN-to-LAN Group (216.228.167.50) Responder, Inbound SPI = 0xd048f3b2, Outbound SPI = 0xe8019263 | 193 |
| 17 | 5-713050 | Group = 216.228.167.50, IP = 216.228.167.50, Connection terminated for peer 216.228.167.50. Reason: IPSec SA Idle Timeout Remote Proxy 192.168.1.14, Local Proxy 10.12.0.0 | 188 |
| 18 | 5-713075 | Group = ACMEINVPN, Username = acmuser, IP = 99.43.176.252, Overriding Initiator's IPSec rekeying duration from 2147483 to 28800 seconds | 01 |
| 19 | 5-713076 | Group = ACMEINVPN, Username = acmuser, IP = 99.43.176.252, Overriding Initiator's IPSec rekeying duration from 0 to 4608000 Kbs | 01 |
| 20 | 5-713119 | Group = 216.228.167.50, IP = 216.228.167.50, PHASE 1 COMPLETED | 40 |
| 21 | 5-713120 | Group = 216.228.167.50, IP = 216.228.167.50, PHASE 2 COMPLETED (msgid=24793850) | 192 |
| 22 | 5-713130 | Group = ACMEINVPN, Username = acmuser, IP = 99.43.176.252, Received unsupported transaction mode attribute: 5 | 01 |
| 23 | 5-713259 | Group = 216.228.167.50, IP = 216.228.167.50, Session is being torn down. Reason: Idle Timeout | 35 |
| 24 | 5-713904 | IP = 216.228.167.50, Received encrypted packet with no matching SA, dropping | 112 |
| 25 | 5-737003 | IPAA: DHCP configured, no viable servers found for tunnel-group 'ACMEINVPN' | 01 |
| 26 | 6-106015 | Deny TCP (no connection) from 10.12.0.14/139 to 192.168.1.1/4445 flags SYN ACK on interface inside | 22,167 |
| 27 | 6-110002 | Failed to locate egress interface for UDP from outside:10.12.0.224/52390 to 239.255.255.250/1900 | 44 |
| 28 | 6-113008 | AAA transaction status ACCEPT : user = mtyson | 30 |
| 29 | 6-113009 | AAA retrieved default group policy (DfltGrpPolicy) for user = 216.228.167.50 | 33 |
| 30 | 6-113012 | AAA user authentication Successful : local database : user = mtyson | 30 |
| 31 | 6-113015 | AAA user authentication Rejected : reason = Invalid password : local database : user = hamayan | 447 |
| 32 | 6-120003 | Call-Home is processing telemetry event ASA Telemetry. | 01 |
| 33 | 6-120007 | Call-Home telemetry message to https://tools.cisco.com/its/service/oddce/services/DDCEService delivered. | 01 |
| 34 | 6-302010 | 66 in use, 1270 most used | 144 |
| 35 | 6-302013 | Built outbound TCP connection 12481738 for outside:192.168.109.251/6007 (192.168.109.251/6007) to inside:10.12.0.250/62932 (10.12.0.250/62932) | 119,504 |
| 36 | 6-302014 | Teardown TCP connection 12481750 for outside:216.228.162.141/22 to inside:10.12.0.12/4456 duration 0:00:05 bytes 3577 TCP FINs | 119,541 |
| 37 | 6-302015 | Built outbound UDP connection 12481740 for outside:24.25.5.60/53 (24.25.5.60/53) to inside:10.12.0.14/55986 (24.106.197.131/55986) | 42,422 |
| 38 | 6-302016 | Teardown UDP connection 12481740 for outside:24.25.5.60/53 to inside:10.12.0.14/55986 duration 0:00:00 bytes 114 | 42,519 |
| 39 | 6-302020 | Built inbound ICMP connection for faddr 10.12.0.4/37494 gaddr 10.12.0.1/0 laddr 10.12.0.1/0 | 45,570 |
| 40 | 6-302021 | Teardown ICMP connection for faddr 10.12.0.4/37494 gaddr 10.12.0.1/0 laddr 10.12.0.1/0 | 45,570 |
| 41 | 6-305011 | Built dynamic TCP translation from inside:10.12.0.14/139 to outside:24.106.197.131/139 | 108,335 |
| 42 | 6-305012 | Teardown dynamic TCP translation from inside:10.12.2.7/64520 to outside:24.106.197.131/64520 duration 0:01:01 | 108,236 |
| 43 | 6-315011 | SSH session from 58.218.213.254 on interface outside for user "" disconnected by SSH server, reason: "Unsupported protocol version" (0x08) | 498 |
| 44 | 6-602303 | IPSEC: An outbound LAN-to-LAN SA (SPI= 0xE8019263) between 24.106.197.130 and 216.228.167.50 (user= 216.228.167.50) has been created. | 386 |
| 45 | 6-602304 | IPSEC: An outbound LAN-to-LAN SA (SPI= 0xD3BD9DE5) between 24.106.197.130 and 216.228.167.50 (user= 216.228.167.50) has been deleted. | 377 |
| 46 | 6-605004 | Login denied from 202.62.73.86/22878 to outside:24.106.197.130/ssh for user "hamayan" | 448 |
| 47 | 6-605005 | Login permitted from 10.12.2.174/60166 to inside:10.12.0.1/https for user "mtyson" | 29 |
| 48 | 6-606001 | ASDM session number 0 from 10.12.2.174 started | 01 |
| 49 | 6-606002 | ASDM session number 0 from 10.12.2.174 ended | 01 |
| 50 | 6-606003 | ASDM logging session number 0 from 10.12.2.174 started | 01 |
| 51 | 6-606004 | ASDM logging session number 0 from 10.12.2.174 ended | 01 |
| 52 | 6-611101 | User authentication succeeded: Uname: mtyson | 29 |
| 53 | 6-611102 | User authentication failed: Uname: hamayan | 896 |
| 54 | 6-713172 | Group = 216.228.167.50, IP = 216.228.167.50, Automatic NAT Detection Status: Remote end is NOT behind a NAT device This end is NOT behind a NAT device | 40 |
| 55 | 6-713184 | Group = ACMEINVPN, Username = acmuser, IP = 99.43.176.252, Client Type: WinNT Client Application Version: 5.0.07.0440 | 01 |
| 56 | 6-713228 | Group = ACMEINVPN, Username = acmuser, IP = 99.43.176.252, Assigned private IP address 10.12.0.224 to remote user | 01 |
| 57 | 6-713273 | Group = ACMEINVPN, Username = acmuser, IP = 99.43.176.252, Deleting static route for client address: 10.12.0.224 | 01 |
| 58 | 6-713905 | Group = ACMEINVPN, Username = acmuser, IP = 99.43.176.252, Gratuitous ARP sent for 10.12.0.224 | 01 |
| 59 | 6-717022 | Certificate was successfully validated. Certificate is resident and trusted, serial number: 6ECC7AA5A7032009B8CEBCF4E952D491, subject name: cn=VeriSign Class 3 Secure Server CA - G3,ou=Terms of use at https://www.verisign.com/rpa (c)10,ou=VeriSign Trust Network,o=VeriSign\, Inc.,c=US. | 02 |
| 60 | 6-717028 | Certificate chain was successfully validated with warning, revocation status was not checked. | 01 |
| 61 | 6-725001 | Starting SSL handshake with server outside:24.106.197.130/34825 for TLSv1 session. | 37 |
| 62 | 6-725002 | Device completed SSL handshake with server outside:24.106.197.130/34825 | 33 |
| 63 | 6-725006 | Device failed SSL handshake with client inside:10.12.2.173/55872 | 04 |
| 64 | 6-725007 | SSL session with server outside:24.106.197.130/34825 terminated. | 33 |
| 65 | 6-734001 | DAP: User acmuser, Addr 99.43.176.252, Connection IPSec: The following DAP records were selected for this connection: DfltAccessPolicy | 01 |
| 66 | 6-737006 | IPAA: Local pool request succeeded for tunnel-group 'ACMEINVPN' | 01 |
| 67 | 6-737016 | IPAA: Freeing local pool address 10.12.0.224 | 01 |
| 68 | 6-737026 | IPAA: Client assigned 10.12.0.224 from local pool | 01 |
| 69 | 7-111009 | User 'mtyson' executed cmd: show version | 29 |
| 70 | 7-419003 | Cleared TCP urgent flag from outside:50.116.194.21/80 to inside:24.106.197.131/49921 | 04 |
| 71 | 7-609001 | Built local-host outside:216.228.162.141 | 9,300 |
| 72 | 7-609002 | Teardown local-host outside:61.4.196.225 duration 0:10:26 | 9,274 |
| 73 | 7-710005 | UDP request discarded from 10.12.1.105/63064 to inside:255.255.255.255/5246 | 16,717 |
| 74 | 7-710007 | NAT-T keepalive received from 99.43.176.252/50369 to outside:24.106.197.130/4500 | 19 |
| 75 | 7-713025 | Group = 216.228.167.50, IP = 216.228.167.50, Received remote Proxy Host data in ID Payload: Address 172.16.162.128, Protocol 0, Port 0 | 189 |
| 76 | 7-713034 | Group = 216.228.167.50, IP = 216.228.167.50, Received local IP Proxy Subnet data in ID Payload: Address 10.12.0.0, Mask 255.255.0.0, Protocol 0, Port 0 | 189 |
| 77 | 7-713052 | Group = ACMEINVPN, Username = acmuser, IP = 99.43.176.252, User (acmuser) authenticated. | 01 |
| 78 | 7-713066 | Group = 216.228.167.50, IP = 216.228.167.50, IKE Remote Peer configured for crypto map: outside_map | 189 |
| 79 | 7-713121 | IP = 216.228.167.50, Keep-alive type for this connection: DPD | 40 |
| 80 | 7-713170 | Group = 152.46.8.43, IP = 152.46.8.43, IKE Received delete for rekeyed centry IKE peer: 192.168.109.0, centry addr: adc8d2c0, msgid: 0x50166c76 | 04 |
| 81 | 7-713204 | Group = ACMEINVPN, Username = acmuser, IP = 99.43.176.252, Adding static route for client address: 10.12.0.224 | 01 |
| 82 | 7-713221 | Group = 216.228.167.50, IP = 216.228.167.50, Static Crypto Map check, checking map = outside_map, seq = 30... | 190 |
| 83 | 7-713222 | Group = ACMEINVPN, Username = acmuser, IP = 99.43.176.252, Static Crypto Map check, map = outside_map, seq = 30, ACL does not match proxy IDs src:10.12.0.224 dst:0.0.0.0 | 02 |
| 84 | 7-713225 | Group = 216.228.167.50, IP = 216.228.167.50, Static Crypto Map check, map outside_map, seq = 30 is a successful match | 189 |
| 85 | 7-713236 | IP = 216.228.167.50, IKE_DECODE SENDING Message (msgid=97e28223) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 80 | 9,189 |
| 86 | 7-713906 | Group = 216.228.167.50, IP = 216.228.167.50, IKE SA MM:8423992e rcv'd Terminate: state MM_ACTIVE flags 0x00018042, refcnt 1, tuncnt 4 | 1,771 |
| 87 | 7-714002 | Group = 152.46.8.43, IP = 152.46.8.43, IKE Initiator starting QM: msg id = c025794d | 03 |
| 88 | 7-714003 | IP = 216.228.167.50, IKE Responder starting QM: msg id = 24793850 | 189 |
| 89 | 7-714004 | Group = 152.46.8.43, IP = 152.46.8.43, IKE Initiator sending 1st QM pkt: msg id = fa0e02c2 | 04 |
| 90 | 7-714005 | Group = 216.228.167.50, IP = 216.228.167.50, IKE Responder sending 2nd QM pkt: msg id = 24793850 | 189 |
| 91 | 7-714006 | Group = 152.46.8.43, IP = 152.46.8.43, IKE Initiator sending 3rd QM pkt: msg id = fa0e02c2 | 04 |
| 92 | 7-714011 | Group = 216.228.167.50, IP = 216.228.167.50, ID_IPV4_ADDR ID received<010>216.228.167.50 | 422 |
| 93 | 7-715001 | Group = 216.228.167.50, IP = 216.228.167.50, constructing proxy ID | 580 |
| 94 | 7-715006 | Group = 216.228.167.50, IP = 216.228.167.50, IKE got SPI from key engine: SPI = 0xd048f3b2 | 193 |
| 95 | 7-715007 | Group = 216.228.167.50, IP = 216.228.167.50, IKE got a KEY_ADD msg for SA: SPI = 0xe8019263 | 192 |
| 96 | 7-715009 | Group = 216.228.167.50, IP = 216.228.167.50, IKE Deleting SA: Remote Proxy 192.168.1.14, Local Proxy 10.12.0.0 | 191 |
| 97 | 7-715019 | Group = ACMEINVPN, Username = acmuser, IP = 99.43.176.252, IKEGetUserAttributes: primary DNS = 10.12.0.15 | 09 |
| 98 | 7-715020 | Group = ACMEINVPN, Username = acmuser, IP = 99.43.176.252, construct_cfg_set: default domain = ncmedboard.org | 01 |
| 99 | 7-715021 | Group = ACMEINVPN, Username = acmuser, IP = 99.43.176.252, Delay Quick Mode processing, Cert/Trans Exch/RM DSID in progress | 01 |
| 100 | 7-715022 | Group = ACMEINVPN, Username = acmuser, IP = 99.43.176.252, Resume Quick Mode processing, Cert/Trans Exch/RM DSID completed | 01 |
| 101 | 7-715027 | Group = 216.228.167.50, IP = 216.228.167.50, IPSec SA Proposal # 1, Transform # 1 acceptable Matches global IPSec SA entry # 30 | 189 |
| 102 | 7-715028 | IP = 216.228.167.50, IKE SA Proposal # 1, Transform # 1 acceptable Matches global IKE entry # 4 | 35 |
| 103 | 7-715034 | IP = 152.46.8.43, Constructing IOS keep alive payload: proposal=32767/32767 sec. | 08 |
| 104 | 7-715036 | Group = 216.228.167.50, IP = 216.228.167.50, Sending keep-alive of type DPD R-U-THERE (seq number 0x473d4031) | 4,154 |
| 105 | 7-715038 | IP = 216.228.167.50, Constructing ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001) | 44 |
| 106 | 7-715041 | Group = 216.228.167.50, IP = 216.228.167.50, Received keep-alive of type DPD R-U-THERE, not the negotiated type | 01 |
| 107 | 7-715046 | Group = 216.228.167.50, IP = 216.228.167.50, constructing blank hash payload | 10,267 |
| 108 | 7-715047 | Group = 216.228.167.50, IP = 216.228.167.50, processing hash payload | 9,970 |
| 109 | 7-715048 | IP = 216.228.167.50, Send IOS VID | 79 |
| 110 | 7-715049 | IP = 216.228.167.50, Received NAT-Traversal RFC VID | 202 |
| 111 | 7-715053 | Group = ACMEINVPN, Username = acmuser, IP = 99.43.176.252, MODE_CFG: Received request for IPV4 address! | 17 |
| 112 | 7-715055 | Group = ACMEINVPN, Username = acmuser, IP = 99.43.176.252, Send Client Browser Proxy Attributes! | 02 |
| 113 | 7-715059 | Group = ACMEINVPN, Username = acmuser, IP = 99.43.176.252, Selecting only UDP-Encapsulated-Tunnel and UDP-Encapsulated-Transport modes defined by NAT-Traversal | 10 |
| 114 | 7-715064 | IP = 152.46.8.43, IKE Peer included IKE fragmentation capability flags: Main Mode: True Aggressive Mode: True | 05 |
| 115 | 7-715075 | Group = 216.228.167.50, IP = 216.228.167.50, Received keep-alive of type DPD R-U-THERE-ACK (seq number 0x473d4031) | 4,118 |
| 116 | 7-715076 | Group = 216.228.167.50, IP = 216.228.167.50, Computing hash for ISAKMP | 78 |
| 117 | 7-715077 | Group = 216.228.167.50, IP = 216.228.167.50, Pitcher: received key delete msg, spi 0x5ae03fa4 | 575 |
| 118 | 7-715080 | Group = 216.228.167.50, IP = 216.228.167.50, Starting P1 rekey timer: 21600 seconds. | 232 |
| 119 | 7-717025 | Validating certificate chain containing 3 certificate(s). | 01 |
| 120 | 7-717029 | Identified client certificate within certificate chain. serial number: 1CB167D97B8FAD9AF7426141527B9B99, subject name: cn=tools.cisco.com,ou=ATS-AWS,o=Cisco Systems,l=San Jose,st=California,c=US. | 01 |
| 121 | 7-717030 | Found a suitable trustpoint _SmartCallHome_ServerCA to validate certificate. | 01 |
| 122 | 7-725008 | SSL client inside:10.12.2.173/55872 proposes the following 8 cipher(s). | 36 |
| 123 | 7-725009 | Device proposes the following 6 cipher(s) to server outside:24.106.197.130/34825 | 01 |
| 124 | 7-725010 | Device supports the following 6 cipher(s). | 36 |
| 125 | 7-725011 | Cipher[1] : RC4-SHA | 734 |
| 126 | 7-725012 | Device chooses cipher : RC4-SHA for the SSL session with client inside:10.12.2.173/55872 | 36 |
| 127 | 7-725013 | SSL Server outside:24.106.197.130/34825 choose cipher : RC4-SHA | 01 |
| 128 | 7-725014 | SSL lib error. Function: SSL3_READ_BYTES Reason: sslv3 alert certificate unknown | 04 |
| 129 | 7-734003 | DAP: User acmuser, Addr 99.43.176.252: Session Attribute aaa.cisco.grouppolicy = ACMEINVPN | 05 |
| 130 | 7-737001 | IPAA: Received message 'UTL_IP_[IKE_]ADDR_REQ' | 01 |
| 131 | 7-746012 | user-identity: Add IP-User mapping 10.12.0.224 - LOCAL\acmuser Succeeded - VPN user | 01 |
| 132 | 7-746013 | user-identity: Delete IP-User mapping 10.12.0.224 - LOCAL\acmuser Succeeded - VPN user logout | 01 |

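10.12.0.1 - Traffic and denials per hour

| Hour | Traffic (MB) | % | Connections | % | Denials | % |
|---|---|---|---|---|---|---|
| 00-01 | 41.00 | 0.19 | 1,930 | 1.09 | 412 | 1.45 |
| 01-02 | 38.00 | 0.17 | 2,029 | 1.15 | 380 | 1.34 |
| 02-03 | 46.00 | 0.21 | 1,873 | 1.06 | 368 | 1.30 |
| 03-04 | 40.00 | 0.18 | 1,904 | 1.07 | 392 | 1.38 |
| 04-05 | 70.00 | 0.32 | 1,923 | 1.09 | 416 | 1.47 |
| 05-06 | 40.00 | 0.18 | 1,900 | 1.07 | 398 | 1.40 |
| 06-07 | 272.00 | 1.23 | 3,144 | 1.77 | 377 | 1.33 |
| 07-08 | 4,131.00 | 18.61 | 9,340 | 5.27 | 1,147 | 4.05 |
| 08-09 | 728.00 | 3.28 | 14,374 | 8.11 | 2,100 | 7.41 |
| 09-10 | 4,953.00 | 22.31 | 16,111 | 9.09 | 2,188 | 7.72 |
| 10-11 | 976.00 | 4.40 | 15,632 | 8.82 | 2,300 | 8.11 |
| 11-12 | 911.00 | 4.11 | 14,626 | 8.26 | 2,639 | 9.31 |
| 12-13 | 1,567.00 | 7.06 | 14,594 | 8.24 | 2,500 | 8.82 |
| 13-14 | 2,388.00 | 10.76 | 13,632 | 7.70 | 1,949 | 6.87 |
| 14-15 | 840.00 | 3.79 | 14,802 | 8.36 | 2,404 | 8.48 |
| 15-16 | 708.00 | 3.19 | 13,071 | 7.38 | 2,084 | 7.35 |
| 16-17 | 909.00 | 4.10 | 11,861 | 6.70 | 2,248 | 7.93 |
| 17-18 | 231.00 | 1.04 | 5,380 | 3.04 | 765 | 2.70 |
| 18-19 | 1,935.00 | 8.72 | 6,089 | 3.44 | 1,170 | 4.13 |
| 19-20 | 1,039.00 | 4.68 | 3,703 | 2.09 | 613 | 2.16 |
| 20-21 | 179.00 | 0.81 | 2,565 | 1.45 | 412 | 1.45 |
| 21-22 | 68.00 | 0.31 | 2,246 | 1.27 | 350 | 1.23 |
| 22-23 | 58.00 | 0.26 | 2,248 | 1.27 | 313 | 1.10 |
| 23-24 | 26.00 | 0.12 | 2,173 | 1.23 | 429 | 1.51 |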

10.12.0.1 - Interfaces

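| No | Interfaces | Connections | MB | % | Denials | Warnings | ACLs | IDS |
|---|---|---|---|---|---|---|---|---|
| 1 | dmz to inside | 05 | 9,652.24 | 43.46 | 00 | 00 | 00 | 00 |
| 2 | dmz to outside | 48 | 00.01 | 00.00 | 00 | 00 | 00 | 00 |
| 3 | identity to outside | 93 | 00.02 | 00.00 | 00 | 00 | 00 | 00 |
| 4 | inside to dmz | 05 | 00.00 | 00.00 | 00 | 00 | 00 | 00 |
| 5 | inside to identity | 36 | 20.17 | 00.09 | 00 | 00 | 00 | 00 |
| 6 | inside to outside | 39,948 | 29.06 | 00.13 | 01 | 00 | 00 | 00 |
| 7 | outside to dmz | 06 | 00.00 | 00.00 | 509 | 00 | 00 | 00 |
| 8 | outside to identity | 500 | 13.79 | 00.06 | 37 | 00 | 00 | 00 |
| 9 | outside to inside | 108,155 | 12,493.17 | 56.25 | 4,908 | 00 | 00 | 00 |
| 10 | Not specified | 00 | 00.00 | 00.00 | 113 | 1,847 | 00 | 00 |
| 11 | inside to inside | 00 | 00.00 | 00.00 | 10,146 | 00 | 00 | 00 |
| 12 | outside to outside | 00 | 00.00 | 00.00 | 12,640 | 00 | 00 | 00 |
| 13 | inside | 00 | 00.00 | 00.00 | 00 | 29 | 00 | 00 |
| 14 | inside | 00 | 00.00 | 00.00 | 00 | 04 | 00 | 00 |
| 15 | outside | 00 | 00.00 | 00.00 | 00 | 44 | 00 | 00 |
| | Total | 148,796 | 22,208.46 | | 28,354 | 1,924 | 00 | 00 |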

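Firewall: 10.12.0.1 - Interfaces: dmz to inside

Sources (2 unique)

| No | Source | Bytes | % | Comment |
|---|---|---|---|---|
| 1 | 10.12.2.118 | 5,992,371,971 | 59.21 | |
| 2 | 10.12.2.124 | 4,128,735,311 | 40.79 | |

Destinations (1 unique)

| No | Destination | Bytes | % | Comment |
|---|---|---|---|---|
| 1 | 172.16.2.10 | 10,121,107,282 | 100.00 | |

Top 50 sources, protocols and bytes

| No | Source | Protocol | Connections | Bytes | % | Comment |
|---|---|---|---|---|---|---|
| 1 | 10.12.2.118 | TCP/9010 | 04 | 5,992,371,971 | 59.21 | |
| 2 | 10.12.2.124 | TCP/9010 | 01 | 4,128,735,311 | 40.79 | |

Top 50 sources, destinations, protocols and bytes

| No | Source | Destination | Protocol | Connections | Bytes | % | Comment |
|---|---|---|---|---|---|---|---|
| 1 | 10.12.2.118 | 172.16.2.10 | TCP/9010 | 04 | 5,992,371,971 | 59.21 | |
| 2 | 10.12.2.124 | 172.16.2.10 | TCP/9010 | 01 | 4,128,735,311 | 40.79 | |

Top 50 protocols

| No | Protocol | Connections | Bytes | % | Comment |
|---|---|---|---|---|---|
| 1 | TCP/9010 | 05 | 10,121,107,282 | 100.00 | |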

Firewall: 10.12.0.1 - Interfaces: dmz to outside

Sources (1 unique)

| No | Source | Bytes | % | Comment |
|---|---|---|---|---|
| 1 | 172.16.2.10 | 11,750 | 100.00 | |

Destinations (23 unique)

| No | Destination | Bytes | % | Comment |
|---|---|---|---|---|
| 1 | dns-comm-cac-lb-01.southeast.rr.com (24.25.5.60) | 9,494 | 80.80 | |
| 2 | 191.238.147.103 | 192 | 1.63 | |
| 3 | 192.96.207.244 | 192 | 1.63 | |
| 4 | time-a.nist.gov (129.6.15.28) | 96 | 0.82 | |
| 5 | vps3.cobryce.com (174.136.103.130) | 96 | 0.82 | |
| 6 | 15.125.94.239 | 96 | 0.82 | |
| 7 | mirror (208.53.158.34) | 96 | 0.82 | |
| 8 | 216.152.240.220 | 96 | 0.82 | |
| 9 | time.tritn.com (208.75.89.4) | 96 | 0.82 | |
| 10 | 168.61.8.69 | 96 | 0.82 | |
| 11 | 084.bidder.ny2.jenjo.net (162.243.55.105) | 96 | 0.82 | |
| 12 | 173.44.32.10 | 96 | 0.82 | |
| 13 | 0.time.dbsinet.com (199.223.248.98) | 96 | 0.82 | |
| 14 | tock.usshc.com (199.102.46.77) | 96 | 0.82 | |
| 15 | level1f.cs.unc.edu (152.2.133.53) | 96 | 0.82 | |
| 16 | lithium.constant.com (108.61.56.35) | 96 | 0.82 | |
| 17 | ntp2.pcloud.com (199.7.177.206) | 96 | 0.82 | |
| 18 | linode2.file-it.co.nz (173.230.144.178) | 96 | 0.82 | |
| 19 | 2.time.dbsinet.com (199.223.248.100) | 96 | 0.82 | |
| 20 | propjet.latt.net (204.2.134.164) | 96 | 0.82 | |
| 21 | 207.46.149.130 | 96 | 0.82 | |
| 22 | bindcat.fhsu.edu (209.114.111.1) | 96 | 0.82 | |
| 23 | pool-test.ntp.org (149.20.68.17) | 48 | 0.41 | |

Top 50 sources, protocols and bytes

| No | Source | Protocol | Connections | Bytes | % | Comment |
|---|---|---|---|---|---|---|
| 1 | 172.16.2.10 | UDP/53 - dns | 24 | 9,494 | 80.80 | |
| 2 | 172.16.2.10 | UDP/123 - ntp | 24 | 2,256 | 19.20 | |

Top 50 sources, destinations, protocols and bytes

| No | Source | Destination | Protocol | Connections | Bytes | % | Comment |
|---|---|---|---|---|---|---|---|
| 1 | 172.16.2.10 | dns-comm-cac-lb-01.southeast.rr.com (24.25.5.60) | UDP/53 - dns | 24 | 9,494 | 80.80 | |
| 2 | 172.16.2.10 | 191.238.147.103 | UDP/123 - ntp | 02 | 192 | 1.63 | |
| 3 | 172.16.2.10 | 192.96.207.244 | UDP/123 - ntp | 02 | 192 | 1.63 | |
| 4 | 172.16.2.10 | time-a.nist.gov (129.6.15.28) | UDP/123 - ntp | 01 | 96 | 0.82 | |
| 5 | 172.16.2.10 | vps3.cobryce.com (174.136.103.130) | UDP/123 - ntp | 01 | 96 | 0.82 | |
| 6 | 172.16.2.10 | 15.125.94.239 | UDP/123 - ntp | 01 | 96 | 0.82 | |
| 7 | 172.16.2.10 | mirror (208.53.158.34) | UDP/123 - ntp | 01 | 96 | 0.82 | |
| 8 | 172.16.2.10 | 216.152.240.220 | UDP/123 - ntp | 01 | 96 | 0.82 | |
| 9 | 172.16.2.10 | time.tritn.com (208.75.89.4) | UDP/123 - ntp | 01 | 96 | 0.82 | |
| 10 | 172.16.2.10 | 168.61.8.69 | UDP/123 - ntp | 01 | 96 | 0.82 | |
| 11 | 172.16.2.10 | 084.bidder.ny2.jenjo.net (162.243.55.105) | UDP/123 - ntp | 01 | 96 | 0.82 | |
| 12 | 172.16.2.10 | 173.44.32.10 | UDP/123 - ntp | 01 | 96 | 0.82 | |
| 13 | 172.16.2.10 | 0.time.dbsinet.com (199.223.248.98) | UDP/123 - ntp | 01 | 96 | 0.82 | |
| 14 | 172.16.2.10 | tock.usshc.com (199.102.46.77) | UDP/123 - ntp | 01 | 96 | 0.82 | |
| 15 | 172.16.2.10 | level1f.cs.unc.edu (152.2.133.53) | UDP/123 - ntp | 01 | 96 | 0.82 | |
| 16 | 172.16.2.10 | lithium.constant.com (108.61.56.35) | UDP/123 - ntp | 01 | 96 | 0.82 | |
| 17 | 172.16.2.10 | ntp2.pcloud.com (199.7.177.206) | UDP/123 - ntp | 01 | 96 | 0.82 | |
| 18 | 172.16.2.10 | linode2.file-it.co.nz (173.230.144.178) | UDP/123 - ntp | 01 | 96 | 0.82 | |
| 19 | 172.16.2.10 | 2.time.dbsinet.com (199.223.248.100) | UDP/123 - ntp | 01 | 96 | 0.82 | |
| 20 | 172.16.2.10 | propjet.latt.net (204.2.134.164) | UDP/123 - ntp | 01 | 96 | 0.82 | |
| 21 | 172.16.2.10 | 207.46.149.130 | UDP/123 - ntp | 01 | 96 | 0.82 | |
| 22 | 172.16.2.10 | bindcat.fhsu.edu (209.114.111.1) | UDP/123 - ntp | 01 | 96 | 0.82 | |
| 23 | 172.16.2.10 | pool-test.ntp.org (149.20.68.17) | UDP/123 - ntp | 01 | 48 | 0.41 | |

Top 50 protocols

| No | Protocol | Connections | Bytes | % | Comment |
|---|---|---|---|---|---|
| 1 | UDP/53 - dns | 24 | 9,494 | 80.80 | |
| 2 | UDP/123 - ntp | 24 | 2,256 | 19.20 | |



Firewall: 10.12.0.1 - Interfaces: identity to outside

Sources (1 unique)

| No | Source | Bytes | % | Comment |
|---|---|---|---|---|
| 1 | rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130) | 16,338 | 100.00 | |

Destinations (4 unique)

| No | Destination | Bytes | % | Comment |
|---|---|---|---|---|
| 1 | 192.5.41.209 | 8,064 | 49.36 | |
| 2 | 152.46.8.43 | 6,240 | 38.19 | |
| 3 | abuse.glsolutions.com (216.228.167.50) | 1,952 | 11.95 | 112 denials recorded on 4/6/2015 12:00:21 AM |
| 4 | dns-comm-cac-lb-01.southeast.rr.com (24.25.5.60) | 82 | 0.50 | |

Top 50 sources, protocols and bytes

| No | Source | Protocol | Connections | Bytes | % | Comment |
|---|---|---|---|---|---|---|
| 1 | rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130) | UDP/500 - ipsec | 08 | 8,192 | 50.14 | |
| 2 | rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130) | UDP/123 - ntp | 84 | 8,064 | 49.36 | |
| 3 | rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130) | UDP/53 - dns | 01 | 82 | 0.50 | |

Top 50 sources, destinations, protocols and bytes

| No | Source | Destination | Protocol | Connections | Bytes | % | Comment |
|---|---|---|---|---|---|---|---|
| 1 | rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130) | 192.5.41.209 | UDP/123 - ntp | 84 | 8,064 | 49.36 | |
| 2 | rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130) | 152.46.8.43 | UDP/500 - ipsec | 04 | 6,240 | 38.19 | |
| 3 | rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130) | abuse.glsolutions.com (216.228.167.50) | UDP/500 - ipsec | 04 | 1,952 | 11.95 | 112 denials recorded on 4/6/2015 12:00:21 AM |
| 4 | rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130) | dns-comm-cac-lb-01.southeast.rr.com (24.25.5.60) | UDP/53 - dns | 01 | 82 | 0.50 | |

Top 50 protocols

| No | Protocol | Connections | Bytes | % | Comment |
|---|---|---|---|---|---|
| 1 | UDP/500 - ipsec | 08 | 8,192 | 50.14 | |
| 2 | UDP/123 - ntp | 84 | 8,064 | 49.36 | |
| 3 | UDP/53 - dns | 01 | 82 | 0.50 | |



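Firewall: 10.12.0.1 - Interfaces: inside to dmz

Sources (2 unique)

| No | Source | Bytes | % | Comment |
|---|---|---|---|---|
| 1 | 10.12.2.118 | 720 | 81.82 | |
| 2 | 10.12.2.124 | 160 | 18.18 | |

Destinations (1 unique)

| No | Destination | Bytes | % | Comment |
|---|---|---|---|---|
| 1 | 172.16.2.10 | 880 | 100.00 | |

Top 50 sources, protocols and bytes

| No | Source | Protocol | Connections | Bytes | % | Comment |
|---|---|---|---|---|---|---|
| 1 | 10.12.2.118 | UDP/9010 | 04 | 720 | 81.82 | |
| 2 | 10.12.2.124 | UDP/9010 | 01 | 160 | 18.18 | |

Top 50 sources, destinations, protocols and bytes

| No | Source | Destination | Protocol | Connections | Bytes | % | Comment |
|---|---|---|---|---|---|---|---|
| 1 | 10.12.2.118 | 172.16.2.10 | UDP/9010 | 04 | 720 | 81.82 | |
| 2 | 10.12.2.124 | 172.16.2.10 | UDP/9010 | 01 | 160 | 18.18 | |

Top 50 protocols

| No | Protocol | Connections | Bytes | % | Comment |
|---|---|---|---|---|---|
| 1 | UDP/9010 | 05 | 880 | 100.00 | |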

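Firewall: 10.12.0.1 - Interfaces: inside to identity

Sources (2 unique)

| No | Source | Bytes | % | Comment |
|---|---|---|---|---|
| 1 | 10.12.2.174 | 21,146,233 | 99.99 | |
| 2 | 10.12.2.173 | 2,890 | 0.01 | |

Destinations (1 unique)

| No | Destination | Bytes | % | Comment |
|---|---|---|---|---|
| 1 | 10.12.0.1 | 21,149,123 | 100.00 | |

Top 50 sources, protocols and bytes

| No | Source | Protocol | Connections | Bytes | % | Comment |
|---|---|---|---|---|---|---|
| 1 | 10.12.2.174 | TCP/443 - ssl-https | 32 | 21,146,233 | 99.99 | |
| 2 | 10.12.2.173 | TCP/443 - ssl-https | 04 | 2,890 | 0.01 | |

Top 50 sources, destinations, protocols and bytes

| No | Source | Destination | Protocol | Connections | Bytes | % | Comment |
|---|---|---|---|---|---|---|---|
| 1 | 10.12.2.174 | 10.12.0.1 | TCP/443 - ssl-https | 32 | 21,146,233 | 99.99 | |
| 2 | 10.12.2.173 | 10.12.0.1 | TCP/443 - ssl-https | 04 | 2,890 | 0.01 | |

Top 50 protocols

| No | Protocol | Connections | Bytes | % | Comment |
|---|---|---|---|---|---|
| 1 | TCP/443 - ssl-https | 36 | 21,149,123 | 100.00 | |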

Firewall: 10.12.0.1 - Interfaces: inside to outside

Top 50 sources out of 58 unique sources

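| No | Source | Bytes | % | Comment |
|---|---|---|---|---|
| 1 | 10.12.0.248 | 15,136,471 | 49.67 | |
| 2 | 10.12.0.247 | 6,502,249 | 21.34 | |
| 3 | 10.12.0.250 | 4,804,270 | 15.76 | 1 denials recorded on 4/6/2015 1:16:36 PM |
| 4 | 10.12.2.159 | 1,871,793 | 6.14 | |
| 5 | 10.12.0.109 | 1,299,123 | 4.26 | |
| 6 | 10.12.2.155 | 355,813 | 1.17 | 2670 denials recorded on 4/6/2015 9:57:04 AM |
| 7 | 10.12.0.14 | 246,710 | 0.81 | |
| 8 | 10.12.0.16 | 90,479 | 0.30 | |
| 9 | 10.12.0.102 | 62,352 | 0.20 | |
| 10 | 10.12.0.101 | 37,824 | 0.12 | |
| 11 | 10.12.2.126 | 23,146 | 0.08 | |
| 12 | 10.12.2.149 | 20,578 | 0.07 | |
| 13 | 10.12.1.100 | 2,208 | 0.01 | |
| 14 | 10.12.0.104 | 1,605 | 0.01 | |
| 15 | 10.12.0.25 | 1,450 | 0.00 | |
| 16 | 10.12.2.104 | 1,202 | 0.00 | |
| 17 | 10.12.3.156 | 1,101 | 0.00 | |
| 18 | 10.12.2.115 | 1,074 | 0.00 | 1400 denials recorded on 4/6/2015 8:12:43 AM |
| 19 | 10.12.2.154 | 911 | 0.00 | |
| 20 | 10.12.2.2 | 862 | 0.00 | |
| 21 | 10.12.2.173 | 647 | 0.00 | |
| 22 | 10.12.2.129 | 646 | 0.00 | |
| 23 | 10.12.2.151 | 616 | 0.00 | |
| 24 | 10.12.2.1 | 612 | 0.00 | |
| 25 | 10.12.2.140 | 611 | 0.00 | |
| 26 | 10.12.2.150 | 602 | 0.00 | |
| 27 | 10.12.2.127 | 539 | 0.00 | |
| 28 | 10.12.2.124 | 531 | 0.00 | |
| 29 | 10.12.2.7 | 529 | 0.00 | |
| 30 | 10.12.2.112 | 509 | 0.00 | |
| 31 | 10.12.2.137 | 478 | 0.00 | |
| 32 | 10.12.2.109 | 475 | 0.00 | |
| 33 | 10.12.3.123 | 462 | 0.00 | |
| 34 | 10.12.2.152 | 461 | 0.00 | |
| 35 | 10.12.2.174 | 459 | 0.00 | |
| 36 | 10.12.3.129 | 453 | 0.00 | |
| 37 | 10.12.2.118 | 442 | 0.00 | |
| 38 | 10.12.2.161 | 435 | 0.00 | |
| 39 | 10.12.2.125 | 394 | 0.00 | |
| 40 | 10.12.2.3 | 394 | 0.00 | |
| 41 | 10.12.3.155 | 359 | 0.00 | |
| 42 | 10.12.2.181 | 355 | 0.00 | |
| 43 | 10.12.2.111 | 347 | 0.00 | |
| 44 | 10.12.2.0 | 333 | 0.00 | |
| 45 | 10.12.2.107 | 326 | 0.00 | |
| 46 | 10.12.2.139 | 326 | 0.00 | |
| 47 | 10.12.2.169 | 324 | 0.00 | |
| 48 | 10.12.3.149 | 288 | 0.00 | |
| 49 | 10.12.2.186 | 241 | 0.00 | |
| 50 | 10.12.3.148 | 229 | 0.00 | |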



Top 50 destinations out of 57 unique destinations

| No | Destination | Bytes | % | Comment |
|---|---|---|---|---|
| 1 | 40.143.47.116 | 21,637,952 | 71.00 | |
| 2 | dns-comm-cac-lb-01.southeast.rr.com (24.25.5.60) | 5,529,087 | 18.14 | |
| 3 | yk-in-f104.1e100.net (74.125.196.104) | 690,118 | 2.26 | |
| 4 | 192.168.109.254 | 666,374 | 2.19 | |
| 5 | 192.168.1.11 | 355,465 | 1.17 | |
| 6 | iad23s23-in-f17.1e100.net (74.125.228.209) | 341,049 | 1.12 | |
| 7 | yk-in-f106.1e100.net (74.125.196.106) | 267,345 | 0.88 | |
| 8 | iad23s43-in-f2.1e100.net (216.58.217.130) | 152,216 | 0.50 | |
| 9 | iad23s43-in-f142.1e100.net (216.58.217.142) | 132,237 | 0.43 | |
| 10 | 192.168.1.1 | 108,207 | 0.36 | |
| 11 | 205.158.110.60.ptr.us.xo.net (205.158.110.60) | 83,088 | 0.27 | |
| 12 | iad23s43-in-f13.1e100.net (216.58.217.141) | 69,625 | 0.23 | |
| 13 | time.videxio.net (176.58.109.199) | 62,352 | 0.20 | |
| 14 | dns-comm-cac-lb-02.southeast.rr.com (24.25.5.61) | 62,338 | 0.20 | |
| 15 | iad23s43-in-f3.1e100.net (216.58.217.131) | 50,151 | 0.16 | |
| 16 | iad23s23-in-f9.1e100.net (74.125.228.201) | 38,087 | 0.12 | |
| 17 | prisoner.iana.org (192.175.48.1) | 32,557 | 0.11 | |
| 18 | 173.194.121.0 | 27,742 | 0.09 | |
| 19 | 173.194.126.175 | 27,405 | 0.09 | |
| 20 | h132.220.188.173.static.ip.windstream.net (173.188.220.132) | 23,146 | 0.08 | |
| 21 | qb-in-f95.1e100.net (173.194.204.95) | 18,887 | 0.06 | |
| 22 | ber01s08-in-f23.1e100.net (173.194.32.215) | 14,496 | 0.05 | |
| 23 | iad23s26-in-f14.1e100.net (173.194.121.46) | 10,860 | 0.04 | |
| 24 | time-a.nist.gov (129.6.15.28) | 8,112 | 0.03 | |
| 25 | iad23s23-in-f24.1e100.net (74.125.228.216) | 6,827 | 0.02 | |
| 26 | qg-in-f95.1e100.net (74.125.29.95) | 5,437 | 0.02 | |
| 27 | a72-246-184-21.deploy.akamaitechnologies.com (72.246.184.21) | 4,577 | 0.02 | |
| 28 | a69-192-2-139.deploy.akamaitechnologies.com (69.192.2.139) | 4,577 | 0.02 | |
| 29 | 213.200.111.116 | 4,577 | 0.02 | |
| 30 | a96-6-40-29.deploy.akamaitechnologies.com (96.6.40.29) | 4,479 | 0.01 | |
| 31 | 192.168.109.251 | 4,368 | 0.01 | |
| 32 | ql-in-f95.1e100.net (173.194.208.95) | 3,713 | 0.01 | |
| 33 | na-in-f95.1e100.net (64.233.171.95) | 3,713 | 0.01 | |
| 34 | 173.194.121.2 | 3,370 | 0.01 | |
| 35 | 74.125.228.231 | 2,737 | 0.01 | |
| 36 | iad23s23-in-f3.1e100.net (74.125.228.195) | 2,737 | 0.01 | |
| 37 | 74.125.228.255 | 2,737 | 0.01 | |
| 38 | a72-246-184-6.deploy.akamaitechnologies.com (72.246.184.6) | 2,272 | 0.01 | |
| 39 | ns.unc.edu (152.2.21.1) | 2,208 | 0.01 | |
| 40 | 10.12.0.224 | 1,958 | 0.01 | 768 denials recorded on 4/6/2015 2:15:37 PM |
| 41 | 192.168.1.3 | 900 | 0.00 | |
| 42 | 192.168.1.2 | 900 | 0.00 | |
| 43 | 165.224.52.147 | 824 | 0.00 | |
| 44 | e.root-servers.net (192.203.230.10) | 801 | 0.00 | |
| 45 | m.gtld-servers.net (192.55.83.30) | 727 | 0.00 | |
| 46 | 165.224.59.10 | 725 | 0.00 | |
| 47 | 192.168.1.254 | 384 | 0.00 | |
| 48 | 209.140.120.194 | 192 | 0.00 | |
| 49 | 23.102.23.44 | 192 | 0.00 | |
| 50 | master8-udp.teamviewer.com (178.77.120.105) | 192 | 0.00 | |




Top 50 sources, protocols and bytes

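| No | Source | Protocol | Connections | Bytes | % | Comment |
|---|---|---|---|---|---|---|
| 1 | 10.12.0.248 | UDP/50322 | 01 | 15,136,087 | 49.67 | |
| 2 | 10.12.0.247 | UDP/22725 | 01 | 6,501,865 | 21.33 | |
| 3 | 10.12.0.250 | UDP/53 - dns | 28,281 | 4,698,908 | 15.42 | 1 denials recorded on 4/6/2015 1:16:36 PM |
| 4 | 10.12.2.159 | UDP/443 | 43 | 1,693,593 | 5.56 | |
| 5 | 10.12.0.109 | UDP/53 - dns | 8,432 | 1,253,859 | 4.11 | |
| 6 | 10.12.2.155 | UDP/161 - snmp | 01 | 355,379 | 1.17 | 2670 denials recorded on 4/6/2015 9:57:04 AM |
| 7 | 10.12.0.14 | UDP/53 - dns | 1,775 | 246,270 | 0.81 | |
| 8 | 10.12.2.159 | UDP/80 | 07 | 177,896 | 0.58 | |
| 9 | 10.12.0.250 | UDP/137 - netbios | 122 | 100,994 | 0.33 | |
| 10 | 10.12.0.16 | UDP/53 - dns | 494 | 80,954 | 0.27 | |
| 11 | 10.12.0.102 | UDP/123 - ntp | 171 | 62,352 | 0.20 | |
| 12 | 10.12.0.109 | UDP/123 - ntp | 144 | 45,264 | 0.15 | |
| 13 | 10.12.0.101 | UDP/123 - ntp | 144 | 37,824 | 0.12 | |
| 14 | 10.12.2.126 | UDP/11500 | 02 | 23,146 | 0.08 | |
| 15 | 10.12.2.149 | UDP/3478 | 51 | 20,482 | 0.07 | |
| 16 | 10.12.0.16 | UDP/123 - ntp | 83 | 7,920 | 0.03 | |
| 17 | 10.12.0.250 | UDP/161 - snmp | 21 | 4,368 | 0.01 | |
| 18 | 10.12.1.100 | UDP/123 - ntp | 23 | 2,208 | 0.01 | |
| 19 | 10.12.0.16 | UDP/137 - netbios | 08 | 1,605 | 0.01 | |
| 20 | 10.12.0.104 | UDP/137 - netbios | 08 | 1,605 | 0.01 | |
| 21 | 10.12.0.25 | UDP/27892 | 03 | 1,450 | 0.00 | |
| 22 | 10.12.2.104 | UDP/389 - ldap | 07 | 1,202 | 0.00 | |
| 23 | 10.12.3.156 | UDP/389 - ldap | 05 | 1,101 | 0.00 | |
| 24 | 10.12.2.115 | UDP/389 - ldap | 04 | 1,006 | 0.00 | 1400 denials recorded on 4/6/2015 8:12:43 AM |
| 25 | 10.12.2.154 | UDP/389 - ldap | 04 | 911 | 0.00 | |
| 26 | 10.12.2.2 | UDP/389 - ldap | 04 | 862 | 0.00 | |
| 27 | 10.12.2.173 | UDP/389 - ldap | 04 | 647 | 0.00 | |
| 28 | 10.12.2.151 | UDP/389 - ldap | 04 | 616 | 0.00 | |
| 29 | 10.12.2.1 | UDP/389 - ldap | 04 | 612 | 0.00 | |
| 30 | 10.12.2.150 | UDP/389 - ldap | 04 | 602 | 0.00 | |
| 31 | 10.12.2.140 | UDP/389 - ldap | 03 | 543 | 0.00 | |
| 32 | 10.12.2.7 | UDP/389 - ldap | 03 | 529 | 0.00 | |
| 33 | 10.12.2.112 | UDP/389 - ldap | 03 | 509 | 0.00 | |
| 34 | 10.12.2.137 | UDP/389 - ldap | 03 | 478 | 0.00 | |
| 35 | 10.12.2.109 | UDP/389 - ldap | 03 | 475 | 0.00 | |
| 36 | 10.12.2.124 | UDP/389 - ldap | 03 | 463 | 0.00 | |
| 37 | 10.12.3.123 | UDP/389 - ldap | 02 | 462 | 0.00 | |
| 38 | 10.12.2.152 | UDP/389 - ldap | 03 | 461 | 0.00 | |
| 39 | 10.12.2.174 | UDP/389 - ldap | 03 | 459 | 0.00 | |
| 40 | 10.12.2.129 | UDP/389 - ldap | 02 | 454 | 0.00 | |
| 41 | 10.12.3.129 | UDP/389 - ldap | 02 | 453 | 0.00 | |
| 42 | 10.12.2.118 | UDP/389 - ldap | 03 | 442 | 0.00 | |
| 43 | 10.12.0.14 | UDP/137 - netbios | 03 | 440 | 0.00 | |
| 44 | 10.12.2.3 | UDP/389 - ldap | 02 | 394 | 0.00 | |
| 45 | 10.12.2.161 | UDP/389 - ldap | 02 | 367 | 0.00 | |
| 46 | 10.12.2.181 | UDP/389 - ldap | 02 | 355 | 0.00 | |
| 47 | 10.12.2.111 | UDP/389 - ldap | 02 | 347 | 0.00 | |
| 48 | 10.12.2.125 | UDP/389 - ldap | 02 | 326 | 0.00 | |
| 49 | 10.12.2.107 | UDP/389 - ldap | 02 | 326 | 0.00 | |
| 50 | 10.12.2.139 | UDP/389 - ldap | 02 | 326 | 0.00 | |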

Top 50 sources, destinations, protocols and bytes

| No | Source | Destination | Protocol | Connections | Bytes | % | Comment |
|---|---|---|---|---|---|---|---|
| 1 | 10.12.0.248 | 40.143.47.116 | UDP/50322 | 01 | 15,136,087 | 49.67 | |
| 2 | 10.12.0.247 | 40.143.47.116 | UDP/22725 | 01 | 6,501,865 | 21.33 | |
| 3 | 10.12.0.250 | dns-comm-cac-lb-01.southeast.rr.com (24.25.5.60) | UDP/53 - dns | 24,370 | 3,985,740 | 13.08 | 1 denials recorded on 4/6/2015 1:16:36 PM |
| 4 | 10.12.0.109 | dns-comm-cac-lb-01.southeast.rr.com (24.25.5.60) | UDP/53 - dns | 8,432 | 1,253,859 | 4.11 | |
| 5 | 10.12.2.159 | yk-in-f104.1e100.net (74.125.196.104) | UDP/443 | 02 | 690,118 | 2.26 | |
| 6 | 10.12.0.250 | 192.168.109.254 | UDP/53 - dns | 3,520 | 648,740 | 2.13 | |
| 7 | 10.12.2.155 | 192.168.1.11 | UDP/161 - snmp | 01 | 355,379 | 1.17 | 2670 denials recorded on 4/6/2015 9:57:04 AM |
| 8 | 10.12.2.159 | iad23s23-in-f17.1e100.net (74.125.228.209) | UDP/443 | 01 | 341,049 | 1.12 | |
| 9 | 10.12.2.159 | yk-in-f106.1e100.net (74.125.196.106) | UDP/443 | 01 | 267,345 | 0.88 | |
| 10 | 10.12.0.14 | dns-comm-cac-lb-01.southeast.rr.com (24.25.5.60) | UDP/53 - dns | 1,564 | 212,452 | 0.70 | |
| 11 | 10.12.2.159 | iad23s43-in-f2.1e100.net (216.58.217.130) | UDP/80 | 02 | 152,216 | 0.50 | |
| 12 | 10.12.2.159 | iad23s43-in-f142.1e100.net (216.58.217.142) | UDP/443 | 07 | 117,431 | 0.39 | |
| 13 | 10.12.0.250 | 192.168.1.1 | UDP/137 - netbios | 118 | 100,746 | 0.33 | |
| 14 | 10.12.0.16 | dns-comm-cac-lb-01.southeast.rr.com (24.25.5.60) | UDP/53 - dns | 478 | 77,036 | 0.25 | |
| 15 | 10.12.2.159 | iad23s43-in-f13.1e100.net (216.58.217.141) | UDP/443 | 08 | 69,625 | 0.23 | |
| 16 | 10.12.0.102 | time.videxio.net (176.58.109.199) | UDP/123 - ntp | 171 | 62,352 | 0.20 | |
| 17 | 10.12.0.250 | dns-comm-cac-lb-02.southeast.rr.com (24.25.5.61) | UDP/53 - dns | 386 | 62,338 | 0.20 | |
| 18 | 10.12.0.109 | 205.158.110.60.ptr.us.xo.net (205.158.110.60) | UDP/123 - ntp | 144 | 45,264 | 0.15 | |
| 19 | 10.12.2.159 | iad23s43-in-f3.1e100.net (216.58.217.131) | UDP/443 | 05 | 44,714 | 0.15 | |
| 20 | 10.12.2.159 | iad23s23-in-f9.1e100.net (74.125.228.201) | UDP/443 | 02 | 38,087 | 0.12 | |
| 21 | 10.12.0.101 | 205.158.110.60.ptr.us.xo.net (205.158.110.60) | UDP/123 - ntp | 144 | 37,824 | 0.12 | |
| 22 | 10.12.0.14 | prisoner.iana.org (192.175.48.1) | UDP/53 - dns | 205 | 32,557 | 0.11 | |
| 23 | 10.12.2.159 | 173.194.121.0 | UDP/443 | 02 | 27,742 | 0.09 | |
| 24 | 10.12.2.159 | 173.194.126.175 | UDP/443 | 02 | 27,405 | 0.09 | |
| 25 | 10.12.2.126 | h132.220.188.173.static.ip.windstream.net (173.188.220.132) | UDP/11500 | 02 | 23,146 | 0.08 | |
| 26 | 10.12.2.159 | qb-in-f95.1e100.net (173.194.204.95) | UDP/443 | 02 | 18,887 | 0.06 | |
| 27 | 10.12.2.159 | iad23s43-in-f142.1e100.net (216.58.217.142) | UDP/80 | 03 | 14,806 | 0.05 | |
| 28 | 10.12.2.159 | ber01s08-in-f23.1e100.net (173.194.32.215) | UDP/443 | 02 | 14,496 | 0.05 | |
| 29 | 10.12.2.159 | iad23s26-in-f14.1e100.net (173.194.121.46) | UDP/443 | 02 | 10,860 | 0.04 | |
| 30 | 10.12.0.16 | time-a.nist.gov (129.6.15.28) | UDP/123 - ntp | 83 | 7,920 | 0.03 | |
| 31 | 10.12.2.159 | iad23s23-in-f24.1e100.net (74.125.228.216) | UDP/443 | 01 | 6,827 | 0.02 | |
| 32 | 10.12.2.159 | qg-in-f95.1e100.net (74.125.29.95) | UDP/80 | 01 | 5,437 | 0.02 | |
| 33 | 10.12.2.159 | iad23s43-in-f3.1e100.net (216.58.217.131) | UDP/80 | 01 | 5,437 | 0.02 | |
| 34 | 10.12.2.149 | a72-246-184-21.deploy.akamaitechnologies.com (72.246.184.21) | UDP/3478 | 10 | 4,577 | 0.02 | |
| 35 | 10.12.2.149 | a69-192-2-139.deploy.akamaitechnologies.com (69.192.2.139) | UDP/3478 | 10 | 4,577 | 0.02 | |
| 36 | 10.12.2.149 | 213.200.111.116 | UDP/3478 | 11 | 4,577 | 0.02 | |
| 37 | 10.12.2.149 | a96-6-40-29.deploy.akamaitechnologies.com (96.6.40.29) | UDP/3478 | 10 | 4,479 | 0.01 | |
| 38 | 10.12.0.250 | 192.168.109.251 | UDP/161 - snmp | 21 | 4,368 | 0.01 | |
| 39 | 10.12.0.16 | 192.168.109.254 | UDP/53 - dns | 16 | 3,918 | 0.01 | |
| 40 | 10.12.2.159 | ql-in-f95.1e100.net (173.194.208.95) | UDP/443 | 01 | 3,713 | 0.01 | |
| 41 | 10.12.2.159 | na-in-f95.1e100.net (64.233.171.95) | UDP/443 | 01 | 3,713 | 0.01 | |
| 42 | 10.12.2.159 | 173.194.121.2 | UDP/443 | 01 | 3,370 | 0.01 | |
| 43 | 10.12.2.159 | 74.125.228.231 | UDP/443 | 01 | 2,737 | 0.01 | |
| 44 | 10.12.2.159 | iad23s23-in-f3.1e100.net (74.125.228.195) | UDP/443 | 01 | 2,737 | 0.01 | |
| 45 | 10.12.2.159 | 74.125.228.255 | UDP/443 | 01 | 2,737 | 0.01 | |
| 46 | 10.12.2.149 | a72-246-184-6.deploy.akamaitechnologies.com (72.246.184.6) | UDP/3478 | 10 | 2,272 | 0.01 | |
| 47 | 10.12.1.100 | ns.unc.edu (152.2.21.1) | UDP/123 - ntp | 23 | 2,208 | 0.01 | |
| 48 | 10.12.3.156 | 192.168.109.254 | UDP/389 - ldap | 05 | 1,101 | 0.00 | |
| 49 | 10.12.2.154 | 192.168.109.254 | UDP/389 - ldap | 04 | 911 | 0.00 | |
| 50 | 10.12.0.14 | 192.168.1.1 | UDP/53 - dns | 04 | 860 | 0.00 | |

Top 50 protocols

NoProtocolConnectionsBytes%Comment
1UDP/503220115,136,08749.67 
2UDP/22725016,501,86521.33 
3UDP/53 - dns38,9866,280,77120.61 
4UDP/443431,693,5935.56 
5UDP/161 - snmp23359,8331.18 
6UDP/8007177,8960.58 
7UDP/123 - ntp575156,4280.51 
8UDP/137 - netbios145104,9540.34 
9UDP/115000223,1460.08 
10UDP/34785120,4820.07 
11UDP/389 - ldap10218,5710.06 
12UDP/27892051,6480.01 
13UDP/5938045760.00 
14UDP/5888601960.00 
15UDP/4945801960.00 
16UDP/1100001000.00 



Top 50 denied sources

NoSourceConnectionsFirst denial%Comment
110.12.0.250014/6/2015 1:16:36 PM100.001 denials recorded on 4/6/2015 1:16:36 PM

Top 50 destinations for denied connections

NoDestinationConnectionsFirst denial%Comment
1192.168.109.254014/6/2015 1:16:36 PM100.00 

Top 50 denied protocols

NoDenied protocolConnectionsFirst denial%Comment
1ICMP/3 - unreach014/6/2015 1:16:36 PM100.00 

Top 50 denial reasons

NoDenial reasonConnectionsFirst denial%Comment
1No matching connection014/6/2015 1:16:36 PM100.00 

Top 50 denied sources, destinations, protocols and reasons

NoSourceDestinationProtocolReasonConnectionsFirst denial%Comment
110.12.0.250192.168.109.254ICMP/3 - unreachNo matching connection014/6/2015 1:16:36 PM100.001 denials recorded on 4/6/2015 1:16:36 PM

Top 50 denied protocols and reasons

NoProtocolReasonDenials%Comment
1ICMP/3 - unreachNo matching connection01100.00 

Firewall: 10.12.0.1 - Interfaces: outside to dmz

Sources (5 unique)

NoSourceBytes%Comment
1222.186.56.431,03638.63 
259.108.91.23748117.93 
3168.144.38.3245216.85 
461.240.144.6639914.88 
5110.77.171.7331411.71 



Destinations (1 unique)

NoDestinationBytes%Comment
1172.16.2.102,682100.00 


Top 50 sources, protocols and bytes

NoSourceProtocolConnectionsBytes%Comment
1222.186.56.43TCP/8080 - http proxy021,03638.63 
259.108.91.237TCP/8080 - http proxy0148117.93 
3168.144.38.32TCP/8080 - http proxy0145216.85 
461.240.144.66TCP/8080 - http proxy0139914.88 
5110.77.171.73TCP/8080 - http proxy0131411.71 

Top 50 sources, destinations, protocols and bytes

NoSourceDestinationProtocolConnectionsBytes%Comment
1222.186.56.43172.16.2.10TCP/8080 - http proxy021,03638.63 
259.108.91.237172.16.2.10TCP/8080 - http proxy0148117.93 
3168.144.38.32172.16.2.10TCP/8080 - http proxy0145216.85 
461.240.144.66172.16.2.10TCP/8080 - http proxy0139914.88 
5110.77.171.73172.16.2.10TCP/8080 - http proxy0131411.71 

Top 50 protocols

NoProtocolConnectionsBytes%Comment
1TCP/8080 - http proxy062,682100.00 

Top 50 denied sources

NoSourceConnectionsFirst denial%Comment
161.240.144.64124/6/2015 3:28:27 AM02.3612 denials recorded on 4/6/2015 3:28:27 AM
261.240.144.65114/6/2015 12:35:27 AM02.1611 denials recorded on 4/6/2015 12:35:27 AM
361.240.144.67084/6/2015 1:02:25 AM01.578 denials recorded on 4/6/2015 1:02:25 AM
4218.77.79.43084/6/2015 3:40:33 AM01.57 
5census6.shodan.io (66.240.236.119)064/6/2015 4:36:08 AM01.18 
6s5.securityresearch.360.cn (61.160.224.128)064/6/2015 1:17:43 PM01.18 
7197.189.206.91064/6/2015 5:18:32 PM01.18 
891.194.254.142054/6/2015 1:57:03 AM00.98 
961.240.144.66054/6/2015 2:00:05 AM00.98 
1049.143.159.95054/6/2015 7:51:48 AM00.98 
11s7.securityresearch.360.cn (61.160.224.130)054/6/2015 12:56:59 PM00.98 
12s6.securityresearch.360.cn (61.160.224.129)054/6/2015 3:11:12 PM00.98 
1359.108.91.237044/6/2015 12:44:32 AM00.79 
14or.allmarketinator.com (162.244.35.24)044/6/2015 12:57:28 AM00.79 
1593.180.5.26044/6/2015 1:55:07 AM00.79 
16census12.shodan.io (71.6.165.200)044/6/2015 8:31:42 AM00.79 
17213.252.166.190.f.sta.codetel.net.do (190.166.252.213)044/6/2015 6:39:22 PM00.79 
18117.21.176.109034/6/2015 3:52:17 AM00.59 
19110.153.8.155034/6/2015 5:16:57 AM00.59 
2061.160.247.140034/6/2015 6:48:51 AM00.59 
21222.186.15.3034/6/2015 7:13:59 AM00.59 
22222.186.134.9034/6/2015 7:56:31 AM00.59 
2343.255.191.170034/6/2015 7:57:53 AM00.59 
24202.62.73.86034/6/2015 8:31:38 AM00.59906 denials recorded on 4/6/2015 7:53:28 AM
25183.136.216.7034/6/2015 9:26:20 AM00.59 
26118-161-241-253.dynamic-ip.hinet.net (118.161.241.253)034/6/2015 10:29:40 AM00.59 
27hn.kd.ny.adsl (182.118.54.85)034/6/2015 1:21:10 PM00.59 
28222.186.21.201034/6/2015 1:31:28 PM00.59 
29221.235.188.212034/6/2015 3:50:08 PM00.59 
30v157-7-123-114.z1d16.static.cnode.jp (157.7.123.114)034/6/2015 5:29:11 PM00.59 
31113-53-231-2.totisp.net (113.53.231.2)034/6/2015 11:19:22 PM00.59 
32115.21.62.164034/6/2015 11:21:34 PM00.59 
3323-95-114-98-host.colocrossing.com (23.95.114.98)034/6/2015 11:48:20 PM00.59 
34mta1fr.gumnar.fr (212.129.61.193)024/6/2015 12:35:49 AM00.39 
35census8.shodan.io (66.240.192.138)024/6/2015 12:46:12 AM00.39 
36census2.shodan.io (198.20.69.98)024/6/2015 12:54:39 AM00.39 
37221.235.188.210024/6/2015 12:54:49 AM00.39 
38112.253.2.180024/6/2015 1:32:57 AM00.39 
39058176079184.ctinets.com (58.176.79.184)024/6/2015 1:49:24 AM00.39 
40219.255.130.130024/6/2015 2:00:51 AM00.39 
41192-3-207-90-host.colocrossing.com (192.3.207.90)024/6/2015 2:38:45 AM00.39 
42census9.shodan.io (71.6.167.142)024/6/2015 2:39:39 AM00.39 
43221.235.188.213024/6/2015 2:52:11 AM00.39 
4446-211-21-14.broadband.kyivstar.net (46.211.21.14)024/6/2015 3:07:28 AM00.39 
4571.106.149.243024/6/2015 3:29:43 AM00.39 
46119.32.90.146024/6/2015 3:45:05 AM00.39 
4743.255.191.166024/6/2015 3:46:54 AM00.39 
48124.232.142.220024/6/2015 3:47:50 AM00.39 
49hosted-by.Eqservers.com (162.210.198.36)024/6/2015 3:53:02 AM00.39 
50197.6.97.248024/6/2015 3:56:51 AM00.39 

Top 50 destinations for denied connections

NoDestinationConnectionsFirst denial%Comment
1172.16.2.104704/6/2015 12:01:26 AM92.34 
2rrcs-24-106-197-136.se.biz.rr.com (24.106.197.136)394/6/2015 12:00:29 AM07.66 

Top 50 denied protocols

NoDenied protocolConnectionsFirst denial%Comment
1TCP/22 - ssh614/6/2015 12:28:34 AM11.98 
2UDP/62556464/6/2015 12:32:10 AM09.04 
3ICMP/3 - unreach354/6/2015 12:00:29 AM06.88 
4TCP/23 - telnet354/6/2015 1:49:24 AM06.88 
5TCP/5900 - vnc324/6/2015 12:23:31 AM06.29 
6TCP/1433 - ms sql284/6/2015 12:01:26 AM05.50 
7TCP/3389 - ms rdp194/6/2015 1:16:35 AM03.73 
8TCP/80 - http184/6/2015 12:44:32 AM03.54 
9UDP/5060144/6/2015 12:24:00 AM02.75 
10TCP/443 - ssl-https114/6/2015 3:05:56 AM02.16 
11UDP/123 - ntp104/6/2015 2:00:05 AM01.96 
12TCP/21320084/6/2015 12:57:28 AM01.57 
13TCP/3306 - mysql084/6/2015 5:10:47 AM01.57 
14UDP/1900 - univ. plug-and-play074/6/2015 4:33:38 AM01.38 
15TCP/9200074/6/2015 4:54:35 AM01.38 
16UDP/11813064/6/2015 12:04:27 AM01.18 
17ICMP/8 - ping064/6/2015 5:42:08 AM01.18 
18UDP/53 - dns054/6/2015 1:55:07 AM00.98 
19TCP/25 - smtp054/6/2015 8:57:12 AM00.98 
20UDP/19054/6/2015 12:53:22 PM00.98 
21TCP/27017044/6/2015 12:11:39 AM00.79 
22TCP/3128 - squid-http044/6/2015 1:13:19 AM00.79 
23ICMP/11044/6/2015 1:35:14 AM00.79 
24TCP/21 - ftp044/6/2015 3:40:33 AM00.79 
25UDP/137 - netbios044/6/2015 4:17:54 AM00.79 
26TCP/5631 - pcanywhere044/6/2015 6:55:38 AM00.79 
27UDP/161 - snmp034/6/2015 12:59:27 AM00.59 
28UDP/111034/6/2015 2:38:45 AM00.59 
29TCP/32764034/6/2015 3:55:18 AM00.59 
30TCP/4899 - radmin034/6/2015 6:43:47 AM00.59 
31TCP/8090034/6/2015 8:31:42 AM00.59 
32TCP/1521 - oracle024/6/2015 12:04:00 AM00.39 
33TCP/6379024/6/2015 12:14:33 AM00.39 
34TCP/993024/6/2015 2:34:29 AM00.39 
35UDP/1434 - ms sql monitor024/6/2015 3:04:32 AM00.39 
36TCP/1158024/6/2015 7:31:37 AM00.39 
37TCP/873 - rsync024/6/2015 7:35:30 AM00.39 
38TCP/223024/6/2015 7:42:33 AM00.39 
39TCP/8140024/6/2015 8:03:53 AM00.39 
40TCP/81 - http024/6/2015 8:36:07 AM00.39 
41TCP/1311024/6/2015 10:11:24 AM00.39 
42TCP/445 - netbios024/6/2015 10:40:10 AM00.39 
43TCP/2222024/6/2015 11:31:18 AM00.39 
44UDP/4143024/6/2015 2:48:07 PM00.39 
45TCP/1723 - pptp024/6/2015 4:08:18 PM00.39 
46TCP/11211024/6/2015 4:12:35 PM00.39 
47TCP/7001024/6/2015 4:54:12 PM00.39 
48TCP/8009024/6/2015 5:15:23 PM00.39 
49TCP/39200024/6/2015 7:03:10 PM00.39 
50TCP/8888024/6/2015 8:29:29 PM00.39 



Top 50 denial reasons

NoDenial reasonConnectionsFirst denial%Comment
1Access group acl_out4704/6/2015 12:01:26 AM92.34 
2No matching connection394/6/2015 12:00:29 AM07.66 



Top 50 denied sources, destinations, protocols and reasons

NoSourceDestinationProtocolReasonConnectionsFirst denial%Comment
191.194.254.142172.16.2.10TCP/22 - sshAccess group acl_out054/6/2015 1:57:03 AM0.98 
249.143.159.95172.16.2.10UDP/11813Access group acl_out054/6/2015 7:51:48 AM0.98 
359.108.91.237172.16.2.10TCP/80 - httpAccess group acl_out044/6/2015 12:44:32 AM0.79 
4or.allmarketinator.com (162.244.35.24)172.16.2.10TCP/21320Access group acl_out044/6/2015 12:57:28 AM0.79 
5213.252.166.190.f.sta.codetel.net.do (190.166.252.213)172.16.2.10TCP/23 - telnetAccess group acl_out044/6/2015 6:39:22 PM0.79 
6117.21.176.109172.16.2.10TCP/1433 - ms sqlAccess group acl_out034/6/2015 3:52:17 AM0.59 
7110.153.8.155172.16.2.10TCP/23 - telnetAccess group acl_out034/6/2015 5:16:57 AM0.59 
861.160.247.140172.16.2.10TCP/1433 - ms sqlAccess group acl_out034/6/2015 6:48:51 AM0.59 
9222.186.15.3172.16.2.10TCP/1433 - ms sqlAccess group acl_out034/6/2015 7:13:59 AM0.59 
10222.186.134.9172.16.2.10TCP/3306 - mysqlAccess group acl_out034/6/2015 7:56:31 AM0.59 
1143.255.191.170172.16.2.10TCP/22 - sshAccess group acl_out034/6/2015 7:57:53 AM0.59 
12202.62.73.86172.16.2.10TCP/22 - sshAccess group acl_out034/6/2015 8:31:38 AM0.59906 denials recorded on 4/6/2015 7:53:28 AM
13183.136.216.7172.16.2.10TCP/22 - sshAccess group acl_out034/6/2015 9:26:20 AM0.59 
14118-161-241-253.dynamic-ip.hinet.net (118.161.241.253)172.16.2.10TCP/25 - smtpAccess group acl_out034/6/2015 10:29:40 AM0.59 
15hn.kd.ny.adsl (182.118.54.85)172.16.2.10TCP/80 - httpAccess group acl_out034/6/2015 1:21:10 PM0.59 
16221.235.188.212172.16.2.10TCP/22 - sshAccess group acl_out034/6/2015 3:50:08 PM0.59 
17v157-7-123-114.z1d16.static.cnode.jp (157.7.123.114)172.16.2.10TCP/22 - sshAccess group acl_out034/6/2015 5:29:11 PM0.59 
18113-53-231-2.totisp.net (113.53.231.2)172.16.2.10TCP/5900 - vncAccess group acl_out034/6/2015 11:19:22 PM0.59 
19115.21.62.164172.16.2.10TCP/5900 - vncAccess group acl_out034/6/2015 11:21:34 PM0.59 
20221.235.188.210172.16.2.10TCP/22 - sshAccess group acl_out024/6/2015 12:54:49 AM0.39 
21112.253.2.180172.16.2.10TCP/22 - sshAccess group acl_out024/6/2015 1:32:57 AM0.39 
22058176079184.ctinets.com (58.176.79.184)172.16.2.10TCP/23 - telnetAccess group acl_out024/6/2015 1:49:24 AM0.39 
23219.255.130.130rrcs-24-106-197-136.se.biz.rr.com (24.106.197.136)ICMP/3 - unreachNo matching connection024/6/2015 2:00:51 AM0.39 
24192-3-207-90-host.colocrossing.com (192.3.207.90)172.16.2.10UDP/111Access group acl_out024/6/2015 2:38:45 AM0.39 
25221.235.188.213172.16.2.10TCP/22 - sshAccess group acl_out024/6/2015 2:52:11 AM0.39 
2646-211-21-14.broadband.kyivstar.net (46.211.21.14)172.16.2.10TCP/5900 - vncAccess group acl_out024/6/2015 3:07:28 AM0.39 
2771.106.149.243172.16.2.10TCP/23 - telnetAccess group acl_out024/6/2015 3:29:43 AM0.39 
28119.32.90.146172.16.2.10TCP/23 - telnetAccess group acl_out024/6/2015 3:45:05 AM0.39 
2943.255.191.166172.16.2.10TCP/22 - sshAccess group acl_out024/6/2015 3:46:54 AM0.39 
30124.232.142.220172.16.2.10UDP/53 - dnsAccess group acl_out024/6/2015 3:47:50 AM0.39 
31hosted-by.Eqservers.com (162.210.198.36)172.16.2.10TCP/3389 - ms rdpAccess group acl_out024/6/2015 3:53:02 AM0.39 
32197.6.97.248172.16.2.10TCP/5900 - vncAccess group acl_out024/6/2015 3:56:51 AM0.39 
33loft8335.dedicatedpanel.com (80.86.90.232)172.16.2.10TCP/22 - sshAccess group acl_out024/6/2015 4:43:43 AM0.39 
34S0106002215494a49.wp.shawcable.net (24.78.229.86)172.16.2.10TCP/23 - telnetAccess group acl_out024/6/2015 5:27:45 AM0.39 
35112.163.182.166172.16.2.10TCP/23 - telnetAccess group acl_out024/6/2015 6:17:13 AM0.39 
36malta1034.dedicatedpanel.com (85.25.214.38)172.16.2.10UDP/5060Access group acl_out024/6/2015 6:52:07 AM0.39 
37122.228.207.76172.16.2.10TCP/22 - sshAccess group acl_out024/6/2015 7:08:09 AM0.39 
38123.134.241.156172.16.2.10TCP/23 - telnetAccess group acl_out024/6/2015 7:45:22 AM0.39 
39180.175.159.198172.16.2.10TCP/23 - telnetAccess group acl_out024/6/2015 7:55:11 AM0.39 
40190.200.4.223172.16.2.10TCP/5900 - vncAccess group acl_out024/6/2015 8:30:46 AM0.39 
41186.167.242.2172.16.2.10TCP/5900 - vncAccess group acl_out024/6/2015 8:36:10 AM0.39 
42186-91-245-203.genericrev.cantv.net (186.91.245.203)172.16.2.10TCP/5900 - vncAccess group acl_out024/6/2015 9:30:51 AM0.39 
43193.85.26.131172.16.2.10ICMP/8 - pingAccess group acl_out024/6/2015 10:39:41 AM0.39 
44mx-ll-110.164.210-214.static.3bb.co.th (110.164.210.214)172.16.2.10TCP/445 - netbiosAccess group acl_out024/6/2015 10:40:10 AM0.39 
45186.120.70.255172.16.2.10TCP/5900 - vncAccess group acl_out024/6/2015 10:40:40 AM0.39 
4643.255.191.162172.16.2.10TCP/22 - sshAccess group acl_out024/6/2015 10:58:47 AM0.39 
47115.239.248.232172.16.2.10TCP/3389 - ms rdpAccess group acl_out024/6/2015 12:38:37 PM0.39 
48hart.clientshostname.com (31.148.219.9)172.16.2.10TCP/21320Access group acl_out024/6/2015 1:22:25 PM0.39 
49212-181-35-75.customer.telia.com (212.181.35.75)172.16.2.10TCP/3389 - ms rdpAccess group acl_out024/6/2015 1:47:41 PM0.39 
50211.172.74.248172.16.2.10TCP/23 - telnetAccess group acl_out024/6/2015 2:20:24 PM0.39 

Top 50 denied protocols and reasons

NoProtocolReasonDenials%Comment
1TCP/22 - sshAccess group acl_out6111.98 
2UDP/62556Access group acl_out469.04 
3ICMP/3 - unreachNo matching connection356.88 
4TCP/23 - telnetAccess group acl_out356.88 
5TCP/5900 - vncAccess group acl_out326.29 
6TCP/1433 - ms sqlAccess group acl_out285.50 
7TCP/3389 - ms rdpAccess group acl_out193.73 
8TCP/80 - httpAccess group acl_out183.54 
9UDP/5060Access group acl_out142.75 
10TCP/443 - ssl-httpsAccess group acl_out112.16 
11UDP/123 - ntpAccess group acl_out101.96 
12TCP/21320Access group acl_out081.57 
13TCP/3306 - mysqlAccess group acl_out081.57 
14UDP/1900 - univ. plug-and-playAccess group acl_out071.38 
15TCP/9200Access group acl_out071.38 
16UDP/11813Access group acl_out061.18 
17ICMP/8 - pingAccess group acl_out061.18 
18UDP/53 - dnsAccess group acl_out050.98 
19TCP/25 - smtpAccess group acl_out050.98 
20UDP/19Access group acl_out050.98 
21TCP/27017Access group acl_out040.79 
22TCP/3128 - squid-httpAccess group acl_out040.79 
23ICMP/11No matching connection040.79 
24TCP/21 - ftpAccess group acl_out040.79 
25UDP/137 - netbiosAccess group acl_out040.79 
26TCP/5631 - pcanywhereAccess group acl_out040.79 
27UDP/161 - snmpAccess group acl_out030.59 
28UDP/111Access group acl_out030.59 
29TCP/32764Access group acl_out030.59 
30TCP/4899 - radminAccess group acl_out030.59 
31TCP/8090Access group acl_out030.59 
32TCP/1521 - oracleAccess group acl_out020.39 
33TCP/6379Access group acl_out020.39 
34TCP/993Access group acl_out020.39 
35UDP/1434 - ms sql monitorAccess group acl_out020.39 
36TCP/1158Access group acl_out020.39 
37TCP/873 - rsyncAccess group acl_out020.39 
38TCP/223Access group acl_out020.39 
39TCP/8140Access group acl_out020.39 
40TCP/81 - httpAccess group acl_out020.39 
41TCP/1311Access group acl_out020.39 
42TCP/445 - netbiosAccess group acl_out020.39 
43TCP/2222Access group acl_out020.39 
44UDP/4143Access group acl_out020.39 
45TCP/1723 - pptpAccess group acl_out020.39 
46TCP/11211Access group acl_out020.39 
47TCP/7001Access group acl_out020.39 
48TCP/8009Access group acl_out020.39 
49TCP/39200Access group acl_out020.39 
50TCP/8888Access group acl_out020.39 

Firewall: 10.12.0.1 - Interfaces: outside to identity

Sources (42 unique)

NoSourceBytes%Comment
199-43-176-252.lightspeed.rlghnc.sbcglobal.net (99.43.176.252)14,280,89398.79 
2202.62.73.86151,8961.05906 denials recorded on 4/6/2015 7:53:28 AM
3rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)21,5100.15 
458.218.204.241760.00 
543.255.191.133570.00 
6221.229.166.30570.00 
759.63.192.196570.00 
858.218.199.195570.00 
958.218.199.49570.00 
10218.87.111.108570.00 
11182.100.67.112570.00 
12221.229.166.28380.00 
1358.218.213.230380.00 
14221.229.166.29380.00 
15194-123-242-80-stat.customer.blic.net (80.242.123.194)380.00 
1661.160.213.190380.00 
1743.255.191.158380.00 
18218.200.188.213380.00 
19218.87.111.110380.00 
2058.218.213.254190.00 
21221.229.166.98190.00 
22solle.oceangoingcarrier.com (62.4.9.198)190.00 
2358.218.204.226190.00 
24221.229.160.223190.00 
25107.30.65.218.broad.xy.jx.dynamic.163data.com.cn (218.65.30.107)190.00 
26220-128-120-49.HINET-IP.hinet.net (220.128.120.49)190.00 
27email.rockon.me (72.52.77.67)190.00 
28117.40.239.54190.00 
2923.30.65.218.broad.xy.jx.dynamic.163data.com.cn (218.65.30.23)190.00 
3061.240.144.67190.008 denials recorded on 4/6/2015 1:02:25 AM
31compumir.ru (84.17.2.152)190.00 
32148.4.161.222.adsl-pool.jlccptt.net.cn (222.161.4.148)190.00 
3343.255.190.115190.00 
34v157-7-123-114.z1d16.static.cnode.jp (157.7.123.114)190.00 
35198.204.240.42190.00 
36182.100.67.102190.00 
3727.221.10.43190.00 
38218.87.111.118190.00 
3960.190.71.52190.00 
40hn.kd.ny.adsl (182.118.54.13)190.00 
41researchscan353.eecs.umich.edu (141.212.122.98)190.00 
4273.30.65.218.broad.xy.jx.dynamic.163data.com.cn (218.65.30.73)190.00 



Destinations (2 unique)

NoDestinationBytes%Comment
1rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)14,434,00599.85 
2tools2.cisco.com (173.37.145.8)21,5100.15 




Top 50 sources, protocols and bytes

NoSourceProtocolConnectionsBytes%Comment
199-43-176-252.lightspeed.rlghnc.sbcglobal.net (99.43.176.252)UDP/4500 - vpn client0114,279,58398.78 
2202.62.73.86TCP/22 - ssh448151,8961.05906 denials recorded on 4/6/2015 7:53:28 AM
3rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)TCP/443 - ssl-https0121,5100.15 
499-43-176-252.lightspeed.rlghnc.sbcglobal.net (99.43.176.252)UDP/500 - ipsec011,3100.01 
558.218.204.241TCP/22 - ssh03760.00 
643.255.191.133TCP/22 - ssh01570.00 
7221.229.166.30TCP/22 - ssh03570.00 
859.63.192.196TCP/22 - ssh01570.00 
958.218.199.195TCP/22 - ssh01570.00 
1058.218.199.49TCP/22 - ssh03570.00 
11218.87.111.108TCP/22 - ssh01570.00 
12182.100.67.112TCP/22 - ssh01570.00 
13221.229.166.28TCP/22 - ssh02380.00 
1458.218.213.230TCP/22 - ssh01380.00 
15221.229.166.29TCP/22 - ssh02380.00 
16194-123-242-80-stat.customer.blic.net (80.242.123.194)TCP/22 - ssh02380.00 
1761.160.213.190TCP/22 - ssh01380.00 
1843.255.191.158TCP/22 - ssh01380.00 
19218.200.188.213TCP/22 - ssh02380.00 
20218.87.111.110TCP/22 - ssh01380.00 
2158.218.213.254TCP/22 - ssh01190.00 
22221.229.166.98TCP/22 - ssh01190.00 
23solle.oceangoingcarrier.com (62.4.9.198)TCP/22 - ssh01190.00 
2458.218.204.226TCP/22 - ssh01190.00 
25221.229.160.223TCP/22 - ssh01190.00 
26107.30.65.218.broad.xy.jx.dynamic.163data.com.cn (218.65.30.107)TCP/22 - ssh01190.00 
27220-128-120-49.HINET-IP.hinet.net (220.128.120.49)TCP/22 - ssh01190.00 
28email.rockon.me (72.52.77.67)TCP/22 - ssh01190.00 
29117.40.239.54TCP/22 - ssh01190.00 
3023.30.65.218.broad.xy.jx.dynamic.163data.com.cn (218.65.30.23)TCP/22 - ssh01190.00 
3161.240.144.67TCP/22 - ssh01190.008 denials recorded on 4/6/2015 1:02:25 AM
32compumir.ru (84.17.2.152)TCP/22 - ssh01190.00 
33148.4.161.222.adsl-pool.jlccptt.net.cn (222.161.4.148)TCP/22 - ssh01190.00 
3443.255.190.115TCP/22 - ssh01190.00 
35v157-7-123-114.z1d16.static.cnode.jp (157.7.123.114)TCP/22 - ssh01190.00 
36198.204.240.42TCP/22 - ssh01190.00 
37182.100.67.102TCP/22 - ssh01190.00 
3827.221.10.43TCP/22 - ssh01190.00 
39218.87.111.118TCP/22 - ssh01190.00 
4060.190.71.52TCP/22 - ssh01190.00 
41hn.kd.ny.adsl (182.118.54.13)TCP/22 - ssh01190.00 
42researchscan353.eecs.umich.edu (141.212.122.98)TCP/22 - ssh01190.00 
4373.30.65.218.broad.xy.jx.dynamic.163data.com.cn (218.65.30.73)TCP/22 - ssh01190.00 

Top 50 sources, destinations, protocols and bytes

NoSourceDestinationProtocolConnectionsBytes%Comment
199-43-176-252.lightspeed.rlghnc.sbcglobal.net (99.43.176.252)rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)UDP/4500 - vpn client0114,279,58398.78 
2202.62.73.86rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)TCP/22 - ssh448151,8961.05906 denials recorded on 4/6/2015 7:53:28 AM
3rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)tools2.cisco.com (173.37.145.8)TCP/443 - ssl-https0121,5100.15 
499-43-176-252.lightspeed.rlghnc.sbcglobal.net (99.43.176.252)rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)UDP/500 - ipsec011,3100.01 
558.218.204.241rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)TCP/22 - ssh03760.00 
643.255.191.133rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)TCP/22 - ssh01570.00 
7221.229.166.30rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)TCP/22 - ssh03570.00 
859.63.192.196rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)TCP/22 - ssh01570.00 
958.218.199.195rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)TCP/22 - ssh01570.00 
1058.218.199.49rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)TCP/22 - ssh03570.00 
11218.87.111.108rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)TCP/22 - ssh01570.00 
12182.100.67.112rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)TCP/22 - ssh01570.00 
13221.229.166.28rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)TCP/22 - ssh02380.00 
1458.218.213.230rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)TCP/22 - ssh01380.00 
15221.229.166.29rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)TCP/22 - ssh02380.00 
16194-123-242-80-stat.customer.blic.net (80.242.123.194)rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)TCP/22 - ssh02380.00 
1761.160.213.190rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)TCP/22 - ssh01380.00 
1843.255.191.158rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)TCP/22 - ssh01380.00 
19218.200.188.213rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)TCP/22 - ssh02380.00 
20218.87.111.110rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)TCP/22 - ssh01380.00 
2158.218.213.254rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)TCP/22 - ssh01190.00 
22221.229.166.98rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)TCP/22 - ssh01190.00 
23solle.oceangoingcarrier.com (62.4.9.198)rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)TCP/22 - ssh01190.00 
2458.218.204.226rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)TCP/22 - ssh01190.00 
25221.229.160.223rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)TCP/22 - ssh01190.00 
26107.30.65.218.broad.xy.jx.dynamic.163data.com.cn (218.65.30.107)rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)TCP/22 - ssh01190.00 
27220-128-120-49.HINET-IP.hinet.net (220.128.120.49)rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)TCP/22 - ssh01190.00 
28email.rockon.me (72.52.77.67)rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)TCP/22 - ssh01190.00 
29117.40.239.54rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)TCP/22 - ssh01190.00 
3023.30.65.218.broad.xy.jx.dynamic.163data.com.cn (218.65.30.23)rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)TCP/22 - ssh01190.00 
3161.240.144.67rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)TCP/22 - ssh01190.008 denials recorded on 4/6/2015 1:02:25 AM
32compumir.ru (84.17.2.152)rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)TCP/22 - ssh01190.00 
33148.4.161.222.adsl-pool.jlccptt.net.cn (222.161.4.148)rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)TCP/22 - ssh01190.00 
3443.255.190.115rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)TCP/22 - ssh01190.00 
35v157-7-123-114.z1d16.static.cnode.jp (157.7.123.114)rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)TCP/22 - ssh01190.00 
36198.204.240.42rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)TCP/22 - ssh01190.00 
37182.100.67.102rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)TCP/22 - ssh01190.00 
3827.221.10.43rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)TCP/22 - ssh01190.00 
39218.87.111.118rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)TCP/22 - ssh01190.00 
4060.190.71.52rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)TCP/22 - ssh01190.00 
41hn.kd.ny.adsl (182.118.54.13)rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)TCP/22 - ssh01190.00 
42researchscan353.eecs.umich.edu (141.212.122.98)rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)TCP/22 - ssh01190.00 
4373.30.65.218.broad.xy.jx.dynamic.163data.com.cn (218.65.30.73)rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)TCP/22 - ssh01190.00 

Top 50 protocols

NoProtocolConnectionsBytes%Comment
1UDP/4500 - vpn client0114,279,58398.78 
2TCP/22 - ssh497153,1121.06 
3TCP/443 - ssl-https0121,5100.15 
4UDP/500 - ipsec011,3100.01 



Top 50 denied sources

NoSourceConnectionsFirst denial%Comment
1222.238.192.240024/6/2015 4:10:25 PM05.412 denials recorded on 4/6/2015 4:10:25 PM
2188.135.179.205014/6/2015 12:24:40 AM02.701 denials recorded on 4/6/2015 12:24:40 AM
396.47.135.85014/6/2015 12:32:11 AM02.701 denials recorded on 4/6/2015 12:32:11 AM
4113.3.138.68014/6/2015 12:37:16 AM02.70 
5113.75.134.17014/6/2015 12:47:18 AM02.70 
614.121.33.60014/6/2015 1:23:24 AM02.70 
788.247.192.244.dynamic.ttnet.com.tr (88.247.192.244)014/6/2015 1:24:24 AM02.70 
8113.193.240.98014/6/2015 1:52:46 AM02.70 
9hosting.rcip.com (209.63.117.134)014/6/2015 2:10:14 AM02.70 
10pc247-87.opanet.cz (213.155.247.87)014/6/2015 2:28:29 AM02.70 
1159.86.192.69014/6/2015 3:36:18 AM02.70 
12202-3-86-115.static.diginet.co.nz (202.3.86.115)014/6/2015 4:07:03 AM02.70 
13port-213-160-20-99.static.qsc.de (213.160.20.99)014/6/2015 4:28:14 AM02.70 
1491.98.252.202.pol.ir (91.98.252.202)014/6/2015 4:56:56 AM02.70 
15hn.kd.ny.adsl (222.138.55.40)014/6/2015 5:01:34 AM02.70 
1649.93.24.121014/6/2015 5:22:34 AM02.70 
17125.64.240.123014/6/2015 5:32:15 AM02.70 
18123.160.190.110014/6/2015 6:04:40 AM02.70 
1939.114.248.59014/6/2015 7:05:00 AM02.70 
20244.44.235.221.broad.wh.hb.dynamic.163data.com.cn (221.235.44.244)014/6/2015 7:07:39 AM02.70 
21115.206.114.172014/6/2015 7:17:10 AM02.70 
22117.95.237.160014/6/2015 7:41:35 AM02.70 
23107.158.43.224014/6/2015 8:03:29 AM02.70 
24177-103-223-45.dsl.telesp.net.br (177.103.223.45)014/6/2015 8:07:17 AM02.70 
25client-109-2.najatelecom.net.br (177.10.109.2)014/6/2015 8:24:21 AM02.70 
26203.229.108.232014/6/2015 9:01:33 AM02.70 
2790-154-149-107.ip.btc-net.bg (90.154.149.107)014/6/2015 9:10:44 AM02.70 
28220-136-38-7.dynamic-ip.hinet.net (220.136.38.7)014/6/2015 9:27:51 AM02.70 
29211.244.34.150014/6/2015 10:27:16 AM02.70 
30218.77.79.43014/6/2015 10:38:01 AM02.70 
31192.99.104.114014/6/2015 12:25:41 PM02.70 
32m9-fkt-re4.comcor.ru (62.117.100.186)014/6/2015 2:38:41 PM02.70 
33nz181l86.bb18094.ctm.net (180.94.181.86)014/6/2015 10:19:48 PM02.70 
3472.67.117.82014/6/2015 10:32:15 PM02.70 
35abts-kk-static-217.32.166.122.airtelbroadband.in (122.166.32.217)014/6/2015 10:52:05 PM02.70 
36laregrage-ge-gw227.dnet.net.id (202.148.1.227)014/6/2015 11:41:45 PM02.70 

Top 50 destinations for denied connections

NoDestinationConnectionsFirst denial%Comment
1rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)374/6/2015 12:24:40 AM100.00 

Top 50 denied protocols

NoDenied protocolConnectionsFirst denial%Comment
1ICMP/3 - unreach334/6/2015 12:24:40 AM89.19 
2ICMP/11044/6/2015 12:32:11 AM10.81 



Top 50 denial reasons

NoDenial reasonConnectionsFirst denial%Comment
1No matching connection374/6/2015 12:24:40 AM100.00 

Top 50 denied sources, destinations, protocols and reasons

NoSourceDestinationProtocolReasonConnectionsFirst denial%Comment
1222.238.192.240rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)ICMP/3 - unreachNo matching connection024/6/2015 4:10:25 PM5.412 denials recorded on 4/6/2015 4:10:25 PM
2188.135.179.205rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)ICMP/3 - unreachNo matching connection014/6/2015 12:24:40 AM2.701 denials recorded on 4/6/2015 12:24:40 AM
396.47.135.85rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)ICMP/11No matching connection014/6/2015 12:32:11 AM2.701 denials recorded on 4/6/2015 12:32:11 AM
4113.3.138.68rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)ICMP/3 - unreachNo matching connection014/6/2015 12:37:16 AM2.70 
5113.75.134.17rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)ICMP/3 - unreachNo matching connection014/6/2015 12:47:18 AM2.70 
614.121.33.60rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)ICMP/3 - unreachNo matching connection014/6/2015 1:23:24 AM2.70 
788.247.192.244.dynamic.ttnet.com.tr (88.247.192.244)rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)ICMP/3 - unreachNo matching connection014/6/2015 1:24:24 AM2.70 
8113.193.240.98rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)ICMP/3 - unreachNo matching connection014/6/2015 1:52:46 AM2.70 
9hosting.rcip.com (209.63.117.134)rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)ICMP/3 - unreachNo matching connection014/6/2015 2:10:14 AM2.70 
10pc247-87.opanet.cz (213.155.247.87)rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)ICMP/3 - unreachNo matching connection014/6/2015 2:28:29 AM2.70 
1159.86.192.69rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)ICMP/3 - unreachNo matching connection014/6/2015 3:36:18 AM2.70 
12202-3-86-115.static.diginet.co.nz (202.3.86.115)rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)ICMP/3 - unreachNo matching connection014/6/2015 4:07:03 AM2.70 
13port-213-160-20-99.static.qsc.de (213.160.20.99)rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)ICMP/3 - unreachNo matching connection014/6/2015 4:28:14 AM2.70 
1491.98.252.202.pol.ir (91.98.252.202)rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)ICMP/3 - unreachNo matching connection014/6/2015 4:56:56 AM2.70 
15hn.kd.ny.adsl (222.138.55.40)rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)ICMP/3 - unreachNo matching connection014/6/2015 5:01:34 AM2.70 
1649.93.24.121rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)ICMP/3 - unreachNo matching connection014/6/2015 5:22:34 AM2.70 
17125.64.240.123rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)ICMP/3 - unreachNo matching connection014/6/2015 5:32:15 AM2.70 
18123.160.190.110rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)ICMP/3 - unreachNo matching connection014/6/2015 6:04:40 AM2.70 
1939.114.248.59rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)ICMP/3 - unreachNo matching connection014/6/2015 7:05:00 AM2.70 
20244.44.235.221.broad.wh.hb.dynamic.163data.com.cn (221.235.44.244)rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)ICMP/3 - unreachNo matching connection014/6/2015 7:07:39 AM2.70 
21115.206.114.172rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)ICMP/3 - unreachNo matching connection014/6/2015 7:17:10 AM2.70 
22117.95.237.160rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)ICMP/3 - unreachNo matching connection014/6/2015 7:41:35 AM2.70 
23107.158.43.224rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)ICMP/3 - unreachNo matching connection014/6/2015 8:03:29 AM2.70 
24177-103-223-45.dsl.telesp.net.br (177.103.223.45)rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)ICMP/3 - unreachNo matching connection014/6/2015 8:07:17 AM2.70 
25client-109-2.najatelecom.net.br (177.10.109.2)rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)ICMP/3 - unreachNo matching connection014/6/2015 8:24:21 AM2.70 
26203.229.108.232rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)ICMP/3 - unreachNo matching connection014/6/2015 9:01:33 AM2.70 
2790-154-149-107.ip.btc-net.bg (90.154.149.107)rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)ICMP/3 - unreachNo matching connection014/6/2015 9:10:44 AM2.70 
28220-136-38-7.dynamic-ip.hinet.net (220.136.38.7)rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)ICMP/3 - unreachNo matching connection014/6/2015 9:27:51 AM2.70 
29211.244.34.150rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)ICMP/3 - unreachNo matching connection014/6/2015 10:27:16 AM2.70 
30218.77.79.43rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)ICMP/3 - unreachNo matching connection014/6/2015 10:38:01 AM2.70 
31192.99.104.114rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)ICMP/3 - unreachNo matching connection014/6/2015 12:25:41 PM2.70 
32m9-fkt-re4.comcor.ru (62.117.100.186)rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)ICMP/11No matching connection014/6/2015 2:38:41 PM2.70 
33nz181l86.bb18094.ctm.net (180.94.181.86)rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)ICMP/3 - unreachNo matching connection014/6/2015 10:19:48 PM2.70 
3472.67.117.82rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)ICMP/3 - unreachNo matching connection014/6/2015 10:32:15 PM2.70 
35abts-kk-static-217.32.166.122.airtelbroadband.in (122.166.32.217)rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)ICMP/11No matching connection014/6/2015 10:52:05 PM2.70 
36laregrage-ge-gw227.dnet.net.id (202.148.1.227)rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)ICMP/11No matching connection014/6/2015 11:41:45 PM2.70 

Top 50 denied protocols and reasons

No | Protocol | Reason | Denials | % | Comment
1 | ICMP/3 - unreach | No matching connection | 33 | 89.19 |
2 | ICMP/11 | No matching connection | 04 | 10.81 |

Firewall: 10.12.0.1 - Interfaces: outside to inside

Top 50 sources out of 67 unique sources

NoSourceBytes%Comment
110.12.0.2482,121,398,34416.19 
210.12.0.1091,252,835,9349.56 
310.12.0.161,221,842,7879.33 
410.12.0.250865,389,5026.611 denials recorded on 4/6/2015 1:16:36 PM
5192.168.109.252743,945,0315.68 
610.12.2.123550,654,9824.201326 denials recorded on 4/6/2015 6:54:48 AM
710.12.2.152468,292,9463.57 
810.12.2.150400,326,6873.06 
910.12.2.1365,984,3982.79 
1010.12.2.118350,101,2402.67 
1110.12.2.165337,889,8692.58 
1210.12.2.154287,265,7422.19 
1310.12.2.112274,757,7412.10 
1410.12.2.170249,896,2231.91 
1510.12.2.107215,954,4301.65 
1610.12.2.109205,304,6791.57 
1710.12.2.3199,133,3131.52 
1810.12.2.161190,932,5471.46 
1910.12.2.115180,903,5071.381400 denials recorded on 4/6/2015 8:12:43 AM
2010.12.2.125173,668,9131.33 
2110.12.2.169170,471,2761.30 
2210.12.2.129167,375,2721.28 
2310.12.0.101147,938,3711.13 
2410.12.2.151143,960,2291.10 
2510.12.2.139137,004,4731.05 
2610.12.2.159129,663,5020.99 
2710.12.2.137128,828,2960.98 
2810.12.2.111120,627,0800.92 
2910.12.2.155110,483,5090.842670 denials recorded on 4/6/2015 9:57:04 AM
3010.12.2.167104,246,2490.80 
3110.12.2.14098,885,0050.75 
3210.12.2.14397,834,0560.75 
3310.12.2.17397,398,6120.74 
3410.12.2.296,422,4200.74 
3510.12.2.13486,376,2820.66 
3610.12.2.13583,420,3470.64 
3710.12.2.10479,578,0860.61 
3810.12.2.17873,222,4790.56 
3910.12.2.11965,513,1530.50 
4010.12.2.12458,538,0420.45 
4110.12.2.17449,252,5390.38 
4210.12.3.15646,642,1580.36 
4310.12.2.18145,617,7860.35 
4410.12.2.18629,200,0830.22 
4510.12.2.10513,721,3920.10 
4610.12.2.14811,820,6600.09 
4710.12.0.22411,688,2900.09768 denials recorded on 4/6/2015 2:15:37 PM
48192.168.109.25411,306,2270.09 
49192.168.109.2516,093,2670.05 
5010.12.0.315,342,2540.04 



Top 50 destinations out of 4260 unique destinations

NoDestinationBytes%Comment
1bc16288.bendcable.com (216.228.162.88)2,359,060,42418.01 
2192.168.109.2522,118,734,02816.17 
3webmail.ncmedboard.org (152.46.8.115)1,406,316,83810.74 
4zd-20-multi.zetta.net (199.204.173.20)1,119,845,6078.55 
5192.168.109.251579,289,8224.42 
610.12.0.101542,846,5834.14 
7cust-vip1-dc7.logicmonitor.com (69.25.43.192)390,217,8102.98 
8173.194.7.26329,298,6702.51 
9d3-5-0-5-0.a00.nycmny03.us.ra.verio.net (165.254.46.17)279,431,7872.13 
10a184-27-45-75.deploy.static.akamaitechnologies.com (184.27.45.75)188,247,9641.44 
1110.12.0.248182,608,4191.39 
12m.sos.nc.gov (199.90.110.99)174,476,7811.33 
13barracuda.com (64.235.147.33)136,424,0791.04 
14a184-27-45-61.deploy.static.akamaitechnologies.com (184.27.45.61)113,607,0120.87 
15192.221.102.253110,873,1430.85 
1667.225.164.138109,002,4590.83 
17a184-27-45-109.deploy.static.akamaitechnologies.com (184.27.45.109)90,240,9610.69 
188.27.243.12688,239,9100.67 
198.254.172.12670,419,8850.54 
20216.65.195.14368,239,9020.52 
21205.128.94.25365,828,0340.50 
22web.us1.hightail.net (199.182.176.231)57,399,7040.44 
23a23-3-13-75.deploy.static.akamaitechnologies.com (23.3.13.75)40,497,4150.31 
24a184-27-45-53.deploy.static.akamaitechnologies.com (184.27.45.53)39,787,1630.30 
25a23-62-6-80.deploy.static.akamaitechnologies.com (23.62.6.80)34,660,7630.26 
26iad23s43-in-f142.1e100.net (216.58.217.142)33,961,5540.26 
27a23-62-7-146.deploy.static.akamaitechnologies.com (23.62.7.146)32,344,6140.25 
28a23-4-181-163.deploy.static.akamaitechnologies.com (23.4.181.163)30,603,1540.23 
2910.12.0.25027,874,7870.211 denials recorded on 4/6/2015 1:16:36 PM
30216.105.103.7527,747,0570.21 
31173.194.132.7827,599,9680.21 
32mx10.surya-technologies.com (152.46.8.72)27,059,5070.21 
33l3.ycs.vip.nyc.yahoo.com (216.115.104.242)27,030,9900.21 
34mail.npdb.hrsa.gov (54.186.167.170)25,942,8760.20 
35xx-fbcdn-shv-02-dft4.fbcdn.net (31.13.66.5)24,541,3470.19 
36a23-218-103-214.deploy.static.akamaitechnologies.com (23.218.103.214)23,171,0080.18 
37216.65.195.15622,866,0480.17 
38a96-6-113-129.deploy.akamaitechnologies.com (96.6.113.129)22,242,2130.17 
39UNKNOWN-216-115-101-X.yahoo.com (216.115.101.178)21,968,7990.17 
40bc161106.bendcable.com (216.228.161.106)21,039,5620.16 
41173.194.63.21519,852,1670.15 
42a23-62-7-139.deploy.static.akamaitechnologies.com (23.62.7.139)19,790,6870.15 
43173.252.112.2319,286,9510.15845 denials recorded on 4/6/2015 6:58:05 AM
44216.65.195.15119,037,9870.15 
45a23-0-160-201.deploy.static.akamaitechnologies.com (23.0.160.201)18,658,4970.14 
46a-0008.a-msedge.net (204.79.197.210)18,049,4650.14 
47a23-62-7-154.deploy.static.akamaitechnologies.com (23.62.7.154)17,676,2250.13 
48a23-0-160-206.deploy.static.akamaitechnologies.com (23.0.160.206)16,712,2100.13 
4993.184.215.20016,683,4750.13 
50server-205-251-251-106.jfk5.r.cloudfront.net (205.251.251.106)15,783,7910.12 




Top 50 sources, protocols and bytes

NoSourceProtocolConnectionsBytes%Comment
110.12.0.248TCP/61189061,799,790,12813.74 
210.12.0.109TCP/80 - http31,4801,248,373,4539.53 
310.12.0.16TCP/443 - ssl-https2,3831,221,821,0859.33 
4192.168.109.252TCP/25 - smtp8,902545,373,8454.16 
510.12.0.250TCP/60071,250525,884,6414.011 denials recorded on 4/6/2015 1:16:36 PM
610.12.2.123TCP/443 - ssl-https1,427413,762,3983.161326 denials recorded on 4/6/2015 6:54:48 AM
710.12.2.150TCP/443 - ssl-https2,412396,281,7083.03 
810.12.2.118TCP/443 - ssl-https2,150336,157,2612.57 
910.12.2.1TCP/1935105334,882,5462.56 
1010.12.2.165TCP/443 - ssl-https700334,184,0482.55 
1110.12.0.250TCP/443 - ssl-https3,630290,292,7442.22 
1210.12.2.154TCP/443 - ssl-https909284,302,1592.17 
1310.12.2.152TCP/443 - ssl-https2,331280,044,9822.14 
1410.12.2.112TCP/443 - ssl-https71274,757,7412.10 
1510.12.2.170TCP/443 - ssl-https1,141243,987,7491.86 
1610.12.2.107TCP/443 - ssl-https1,406215,954,4301.65 
1710.12.0.248TCP/6052275209,176,1191.60 
1810.12.2.109TCP/443 - ssl-https1,297203,494,7911.55 
1910.12.2.152TCP/193501188,247,9641.44 
2010.12.2.3TCP/443 - ssl-https1,645184,517,0721.41 
2110.12.2.125TCP/443 - ssl-https993173,668,9131.33 
2210.12.2.115TCP/443 - ssl-https1,581172,673,7651.321400 denials recorded on 4/6/2015 8:12:43 AM
2310.12.2.169TCP/443 - ssl-https273170,471,2761.30 
2410.12.2.129TCP/443 - ssl-https1,015165,096,4231.26 
2510.12.0.101TCP/80 - http673139,649,3781.07 
2610.12.2.151TCP/443 - ssl-https816131,610,4961.00 
2710.12.2.139TCP/443 - ssl-https1,327131,385,0631.00 
2810.12.2.123TCP/193507129,421,6660.99 
2910.12.2.137TCP/443 - ssl-https896128,710,8220.98 
3010.12.2.159TCP/443 - ssl-https812127,439,1610.97 
3110.12.2.161TCP/193504114,952,2700.88 
3210.12.2.111TCP/443 - ssl-https442110,264,5310.84 
3310.12.2.167TCP/443 - ssl-https548104,246,2490.80 
3410.12.2.155TCP/443 - ssl-https1,704104,234,3780.802670 denials recorded on 4/6/2015 9:57:04 AM
3510.12.2.140TCP/443 - ssl-https85698,885,0050.75 
3610.12.2.143TCP/443 - ssl-https82894,391,8530.72 
3710.12.2.2TCP/443 - ssl-https77990,444,0260.69 
3810.12.2.134TCP/443 - ssl-https1,95782,535,9890.63 
3910.12.2.161TCP/443 - ssl-https1,10075,980,2770.58 
40192.168.109.252TCP/600628775,592,0120.58 
4110.12.2.135TCP/443 - ssl-https41973,601,4170.56 
4210.12.2.104TCP/443 - ssl-https78072,779,8260.56 
4310.12.2.178TCP/443 - ssl-https1,62471,220,1220.54 
4410.12.2.119TCP/443 - ssl-https18863,317,1310.48 
4510.12.2.173TCP/80 - http1,05657,869,5240.44 
4610.12.2.124TCP/443 - ssl-https48156,727,7190.43 
47192.168.109.252TCP/643270154,141,6870.41 
4810.12.0.250TCP/135 - ms rpc3,75146,859,3610.36 
4910.12.3.156TCP/443 - ssl-https64346,121,0830.35 
5010.12.2.174TCP/80 - http65546,026,5690.35 

Top 50 sources, destinations, protocols and bytes

NoSourceDestinationProtocolConnectionsBytes%Comment
110.12.0.248192.168.109.252TCP/61189061,799,790,12813.74 
210.12.0.16zd-20-multi.zetta.net (199.204.173.20)TCP/443 - ssl-https6491,119,845,6078.55 
3192.168.109.25210.12.0.101TCP/25 - smtp3,797542,846,5834.14 
410.12.0.250192.168.109.251TCP/60071,250525,884,6414.011 denials recorded on 4/6/2015 1:16:36 PM
510.12.2.165bc16288.bendcable.com (216.228.162.88)TCP/443 - ssl-https372291,731,2672.23 
610.12.0.250cust-vip1-dc7.logicmonitor.com (69.25.43.192)TCP/443 - ssl-https2,190284,574,0242.17 
710.12.2.112173.194.7.26TCP/443 - ssl-https09269,412,3612.06 
810.12.2.150d3-5-0-5-0.a00.nycmny03.us.ra.verio.net (165.254.46.17)TCP/443 - ssl-https18263,221,7752.01 
910.12.2.118bc16288.bendcable.com (216.228.162.88)TCP/443 - ssl-https299259,701,0181.98 
1010.12.2.154bc16288.bendcable.com (216.228.162.88)TCP/443 - ssl-https243209,568,1841.60 
1110.12.0.248192.168.109.252TCP/6052275209,176,1191.60 
1210.12.2.123webmail.ncmedboard.org (152.46.8.115)TCP/443 - ssl-https330204,469,8601.561326 denials recorded on 4/6/2015 6:54:48 AM
1310.12.2.123bc16288.bendcable.com (216.228.162.88)TCP/443 - ssl-https356191,274,0381.46 
1410.12.2.152a184-27-45-75.deploy.static.akamaitechnologies.com (184.27.45.75)TCP/193501188,247,9641.44 
1510.12.2.170bc16288.bendcable.com (216.228.162.88)TCP/443 - ssl-https475187,434,4331.43 
1610.12.2.3webmail.ncmedboard.org (152.46.8.115)TCP/443 - ssl-https1,289179,029,6931.37 
1710.12.2.169bc16288.bendcable.com (216.228.162.88)TCP/443 - ssl-https232169,835,7241.30 
1810.12.0.101barracuda.com (64.235.147.33)TCP/80 - http01136,262,1261.04 
1910.12.2.109bc16288.bendcable.com (216.228.162.88)TCP/443 - ssl-https343131,686,8841.01 
2010.12.2.161a184-27-45-61.deploy.static.akamaitechnologies.com (184.27.45.61)TCP/193502113,607,0120.87 
2110.12.2.152bc16288.bendcable.com (216.228.162.88)TCP/443 - ssl-https268111,528,2110.85 
2210.12.2.1192.221.102.253TCP/193532110,873,1430.85 
2310.12.2.129webmail.ncmedboard.org (152.46.8.115)TCP/443 - ssl-https103109,115,4220.83 
2410.12.0.16cust-vip1-dc7.logicmonitor.com (69.25.43.192)TCP/443 - ssl-https32492,185,6410.70 
2510.12.2.139bc16288.bendcable.com (216.228.162.88)TCP/443 - ssl-https18492,010,6890.70 
2610.12.2.115bc16288.bendcable.com (216.228.162.88)TCP/443 - ssl-https18189,357,4430.681400 denials recorded on 4/6/2015 8:12:43 AM
2710.12.2.123a184-27-45-109.deploy.static.akamaitechnologies.com (184.27.45.109)TCP/19350288,903,1420.68 
2810.12.2.155webmail.ncmedboard.org (152.46.8.115)TCP/443 - ssl-https1,13587,901,6180.672670 denials recorded on 4/6/2015 9:57:04 AM
2910.12.2.18.27.243.126TCP/19352987,761,4840.67 
3010.12.2.111m.sos.nc.gov (199.90.110.99)TCP/443 - ssl-https7387,606,2890.67 
3110.12.0.109m.sos.nc.gov (199.90.110.99)TCP/80 - http12686,324,8380.66 
3210.12.2.159bc16288.bendcable.com (216.228.162.88)TCP/443 - ssl-https26786,247,3620.66 
3310.12.2.137bc16288.bendcable.com (216.228.162.88)TCP/443 - ssl-https20681,673,3530.62 
34192.168.109.25210.12.0.248TCP/600628775,592,0120.58 
3510.12.2.18.254.172.126TCP/19352370,419,8850.54 
3610.12.2.167bc16288.bendcable.com (216.228.162.88)TCP/443 - ssl-https28168,998,2450.53 
3710.12.2.152216.65.195.143TCP/443 - ssl-https1768,239,9020.52 
3810.12.2.1205.128.94.253TCP/19352165,828,0340.50 
3910.12.2.140bc16288.bendcable.com (216.228.162.88)TCP/443 - ssl-https14461,191,9380.47 
4010.12.2.125173.194.7.26TCP/443 - ssl-https0959,886,3090.46 
4110.12.2.107webmail.ncmedboard.org (152.46.8.115)TCP/443 - ssl-https22659,852,2770.46 
4210.12.2.107web.us1.hightail.net (199.182.176.231)TCP/443 - ssl-https0757,399,7040.44 
4310.12.2.107bc16288.bendcable.com (216.228.162.88)TCP/443 - ssl-https20657,238,4660.44 
44192.168.109.25210.12.0.248TCP/643270154,141,6870.41 
4510.12.2.154webmail.ncmedboard.org (152.46.8.115)TCP/443 - ssl-https16353,980,4100.41 
4610.12.2.115webmail.ncmedboard.org (152.46.8.115)TCP/443 - ssl-https44852,182,0450.40 
4710.12.0.250192.168.109.251TCP/135 - ms rpc3,56846,748,3450.36 
4810.12.2.104webmail.ncmedboard.org (152.46.8.115)TCP/443 - ssl-https23245,913,9760.35 
4910.12.2.119bc16288.bendcable.com (216.228.162.88)TCP/443 - ssl-https10445,814,3740.35 
5010.12.2.151bc16288.bendcable.com (216.228.162.88)TCP/443 - ssl-https12945,803,0780.35 

Top 50 protocols

NoProtocolConnectionsBytes%Comment
1TCP/443 - ssl-https45,3707,205,109,78355.00 
2TCP/61189061,799,790,12813.74 
3TCP/80 - http34,6831,604,604,85512.25 
4TCP/1935119778,198,8275.94 
5TCP/25 - smtp8,916551,495,2064.21 
6TCP/60071,250525,884,6414.01 
7TCP/6052275209,176,1191.60 
8TCP/598574685,185,4060.65 
9TCP/600628775,592,0120.58 
10TCP/643270655,657,9840.42 
11TCP/135 - ms rpc5,03748,121,9570.37 
12TCP/605205739,553,5980.30 
13TCP/445 - netbios2,05828,134,5180.21 
14TCP/800014427,310,3170.21 
15TCP/389 - ldap2,16015,515,9970.12 
16TCP/61840111,040,7750.08 
17TCP/971054710,760,1850.08 
18TCP/4448093,711,4250.03 
19TCP/491555753,570,0780.03 
20TCP/32686553,424,8280.03 
21TCP/11945752,928,4170.02 
22TCP/72592342,613,3880.02 
23TCP/4070022,024,1210.02 
24TCP/5061951,994,4270.02 
25TCP/61492341,252,9500.01 
26TCP/465542871,193,3410.01 
27TCP/60992871,147,5350.01 
28TCP/593802620,2510.00 
29TCP/4918596587,9050.00 
30TCP/6433775549,1110.00 
31UDP/53 - dns2,152534,2870.00 
32TCP/4917962512,2250.00 
33TCP/6119119436,7380.00 
34TCP/102202408,1050.00 
35TCP/99202366,1070.00 
36TCP/8080 - http proxy118332,8590.00 
37TCP/22 - ssh09101,6090.00 
38TCP/60812498,6080.00 
39TCP/5000 - kibuv-worm1169,2250.00 
40TCP/500540165,6940.00 
41TCP/52230748,7240.00 
42TCP/52281045,6670.00 
43TCP/9930538,4820.00 
44UDP/138 - netbios1334,7960.00 
45TCP/500550124,4440.00 
46UDP/137 - netbios0522,7960.00 
47TCP/61600121,7020.00 
48UDP/123 - ntp8420,1600.00 
49UDP/161 - snmp5318,9210.00 
50TCP/347840918,4160.00 



Top 50 protocol TCP/80 - http: Sources, destinations, and traffic - Unique sources: 30, unique destinations: 3068

NoSourceDestinationConnectionsBytesComment
110.12.0.101barracuda.com (64.235.147.33)01136,262,126 
210.12.0.109m.sos.nc.gov (199.90.110.99)12686,324,838 
310.12.0.109a23-3-13-75.deploy.static.akamaitechnologies.com (23.3.13.75)0240,497,415 
410.12.0.109a23-62-7-146.deploy.static.akamaitechnologies.com (23.62.7.146)7732,344,614 
510.12.2.173a23-4-181-163.deploy.static.akamaitechnologies.com (23.4.181.163)1030,295,612 
610.12.0.109a23-62-6-80.deploy.static.akamaitechnologies.com (23.62.6.80)10022,656,676 
710.12.0.109a96-6-113-129.deploy.akamaitechnologies.com (96.6.113.129)0522,242,213 
810.12.2.174173.194.63.2150119,852,167 
910.12.0.109a23-62-7-139.deploy.static.akamaitechnologies.com (23.62.7.139)3719,512,302 
1010.12.0.109a23-0-160-201.deploy.static.akamaitechnologies.com (23.0.160.201)0117,685,957 
1110.12.0.109a23-62-7-154.deploy.static.akamaitechnologies.com (23.62.7.154)0217,676,225 
1210.12.0.109a23-0-160-206.deploy.static.akamaitechnologies.com (23.0.160.206)0216,712,210 
1310.12.0.109server-205-251-251-106.jfk5.r.cloudfront.net (205.251.251.106)0615,783,791 
1410.12.0.109a96-6-113-73.deploy.akamaitechnologies.com (96.6.113.73)0215,475,988 
1510.12.0.109a23-62-7-155.deploy.static.akamaitechnologies.com (23.62.7.155)3715,430,710 
1610.12.0.109www.ceridian.com (170.153.78.28)0714,872,618 
1710.12.2.367.225.164.1385514,616,241 
1810.12.0.109a23-196-40-62.deploy.static.akamaitechnologies.com (23.196.40.62)2713,469,288 
1910.12.0.109mediaserver-ch1-t1-1-v4.pandora.com (208.85.44.21)1013,017,644 
2010.12.0.109173.194.7.711312,266,769 
2110.12.2.15167.225.164.1386912,037,911 
2210.12.2.11867.225.164.1388611,964,069 
2310.12.0.10923.235.39.645811,635,484 
2410.12.0.109mediaserver-dc6-t1-2-v4.pandora.com (208.85.46.22)0911,623,485 
2510.12.0.10923.235.46.2380610,961,270 
2610.12.0.109199.27.76.1431810,804,362 
2710.12.2.1748.247.96.1860210,682,112 
2810.12.0.109mediaserver-dc6-t2-2-v4.pandora.com (208.85.46.26)0910,042,455 
2910.12.0.109162.242.230.31389,760,971 
3010.12.0.109a23-196-27-152.deploy.static.akamaitechnologies.com (23.196.27.152)309,280,838 
3110.12.2.13567.225.164.138379,242,603 
3210.12.0.109box805.bluehost.com (66.147.244.105)148,428,038 
3310.12.0.109mediaserver-ch1-t1-2-v4.pandora.com (208.85.44.22)068,237,733 
3410.12.0.109srv109.instyserver.com (72.52.226.70)247,945,597 
3510.12.0.109mediaserver-dc6-t1-1-v4.pandora.com (208.85.46.21)057,895,958 
3610.12.0.109108.161.188.192297,751,969 
3710.12.0.10923.235.46.129417,524,021 
3810.12.0.109mediaserver-dc6-t3-1-v4.pandora.com (208.85.46.29)057,373,657 
3910.12.0.109a23-196-33-121.deploy.static.akamaitechnologies.com (23.196.33.121)1277,246,740 
4010.12.0.109199.27.76.192537,034,150 
4110.12.0.109199.27.76.129426,685,930 
4210.12.2.10467.225.164.138336,476,810 
4310.12.0.10923.235.46.64326,276,769 
4410.12.0.10923.235.46.192576,222,564 
4510.12.0.109a-0001.a-msedge.net (204.79.197.200)3766,042,053 
4610.12.0.109host.impwebhost2.com (67.225.164.162)2356,005,069 
4710.12.2.12367.225.164.138285,934,8611326 denials recorded on 4/6/2015 6:54:48 AM
4810.12.0.10923.99.32.78115,873,427 
4910.12.0.109bc161108.bendcable.com (216.228.161.108)605,672,848 
5010.12.2.13967.225.164.138415,616,001 

Top 50 protocol TCP/25 - smtp: Sources, destinations, and traffic - Unique sources: 6, unique destinations: 3

No | Source | Destination | Connections | Bytes | Comment
1 | 192.168.109.252 | 10.12.0.101 | 3,797 | 542,846,583 |
2 | 10.12.0.31 | mx10.surya-technologies.com (152.46.8.72) | 06 | 5,342,254 |
3 | 192.168.109.252 | 10.12.0.248 | 5,105 | 2,527,262 |
4 | 10.12.0.32 | mx10.surya-technologies.com (152.46.8.72) | 03 | 466,486 |
5 | 10.12.0.101 | mx10.surya-technologies.com (152.46.8.72) | 02 | 188,416 |
6 | 10.12.0.33 | mx10.surya-technologies.com (152.46.8.72) | 02 | 92,318 |
7 | 10.12.0.13 | mx10.surya-technologies.com (152.46.8.72) | 01 | 31,887 |

Top 50 denied sources

NoSourceConnectionsFirst denial%Comment
1performance-measurement-209-1.wdc002.pnap.net (69.25.27.118)2884/6/2015 12:10:08 AM05.87288 denials recorded on 4/6/2015 12:10:08 AM
2performance-measurement-2914-1.wdc002.pnap.net (69.25.27.108)2884/6/2015 12:10:12 AM05.87288 denials recorded on 4/6/2015 12:10:12 AM
369.25.27.1172884/6/2015 12:10:16 AM05.87288 denials recorded on 4/6/2015 12:10:16 AM
4performance-measurement-174-1.wdc002.pnap.net (69.25.27.110)2884/6/2015 12:10:20 AM05.87 
5performance-measurement-1299-1.wdc002.pnap.net (69.25.27.115)2884/6/2015 12:10:32 AM05.87 
6performance-measurement-7018-1.wdc002.pnap.net (69.25.27.112)2884/6/2015 12:10:36 AM05.87 
769.25.27.1142884/6/2015 12:10:40 AM05.87 
8performance-measurement-701-1.wdc002.pnap.net (69.25.27.111)2874/6/2015 12:10:28 AM05.85 
969.25.27.1162614/6/2015 12:10:24 AM05.32 
1061.240.144.64504/6/2015 12:56:59 AM01.0212 denials recorded on 4/6/2015 3:28:27 AM
11192.168.109.252504/6/2015 2:56:38 AM01.02 
12a72-246-184-6.deploy.akamaitechnologies.com (72.246.184.6)464/6/2015 12:26:00 PM00.94 
1361.240.144.65404/6/2015 12:35:26 AM00.8111 denials recorded on 4/6/2015 12:35:27 AM
14218.77.79.43364/6/2015 12:05:30 AM00.73 
15209.107.220.159364/6/2015 12:26:00 PM00.73 
1661.240.144.67354/6/2015 1:02:46 AM00.718 denials recorded on 4/6/2015 1:02:25 AM
1769.22.151.212324/6/2015 12:26:00 PM00.65 
1859.108.91.237274/6/2015 12:44:32 AM00.55 
1961.240.144.66254/6/2015 12:38:13 AM00.51 
20197.189.206.91224/6/2015 5:18:32 PM00.45 
21s6.securityresearch.360.cn (61.160.224.129)214/6/2015 12:17:40 PM00.43 
2269.25.27.52204/6/2015 9:05:28 AM00.41 
2369.25.27.88204/6/2015 12:58:06 PM00.41 
2469.25.27.96204/6/2015 12:58:08 PM00.41 
25s5.securityresearch.360.cn (61.160.224.128)194/6/2015 12:36:27 PM00.39 
26s7.securityresearch.360.cn (61.160.224.130)184/6/2015 1:09:46 PM00.37 
2793.180.5.26174/6/2015 1:23:34 AM00.35 
28213.252.166.190.f.sta.codetel.net.do (190.166.252.213)164/6/2015 6:39:22 PM00.33 
2940.143.47.116144/6/2015 6:18:53 PM00.29 
30atlantic.census.shodan.io (188.138.9.50)124/6/2015 12:12:15 AM00.24 
31census7.shodan.io (71.6.135.131)124/6/2015 12:38:03 AM00.24 
32117.21.176.109124/6/2015 3:52:17 AM00.24 
33110.153.8.155124/6/2015 5:16:57 AM00.24 
3461.160.247.140124/6/2015 6:48:51 AM00.24 
35222.186.15.3124/6/2015 7:13:59 AM00.24 
36222.186.134.9124/6/2015 7:56:31 AM00.24 
3743.255.191.170124/6/2015 7:57:01 AM00.24 
38202.62.73.86124/6/2015 8:31:10 AM00.24906 denials recorded on 4/6/2015 7:53:28 AM
39183.136.216.7124/6/2015 9:26:20 AM00.24 
40118-161-241-253.dynamic-ip.hinet.net (118.161.241.253)124/6/2015 10:29:40 AM00.24 
41222.186.21.201124/6/2015 1:31:28 PM00.24 
42221.235.188.212124/6/2015 3:50:35 PM00.24 
43v157-7-123-114.z1d16.static.cnode.jp (157.7.123.114)124/6/2015 5:29:11 PM00.24 
44census12.shodan.io (71.6.165.200)104/6/2015 12:25:51 AM00.20 
45hosted-by.slaskdatacenter.pl (178.19.107.117)104/6/2015 1:52:52 AM00.20 
46pacific.census.shodan.io (85.25.103.50)104/6/2015 2:28:21 AM00.20 
47census6.shodan.io (66.240.236.119)104/6/2015 2:45:00 AM00.20 
48or.allmarketinator.com (162.244.35.24)104/6/2015 7:30:01 AM00.20 
4969.25.27.20104/6/2015 9:05:30 AM00.20 
5023-95-114-98-host.colocrossing.com (23.95.114.98)104/6/2015 11:48:20 PM00.20 

Top 50 destinations for denied connections

No | Destination | Connections | First denial | % | Comment
1 | 10.12.0.250 | 3,190 | 4/6/2015 12:01:26 AM | 65.00 | 1 denials recorded on 4/6/2015 1:16:36 PM
2 | 10.12.0.12 | 497 | 4/6/2015 12:01:26 AM | 10.13 |
3 | 10.12.0.248 | 482 | 4/6/2015 12:01:26 AM | 09.82 |
4 | 10.12.0.249 | 480 | 4/6/2015 12:01:26 AM | 09.78 |
5 | 10.12.2.149 | 114 | 4/6/2015 12:26:00 PM | 02.32 |
6 | rrcs-24-106-197-137.se.biz.rr.com (24.106.197.137) | 35 | 4/6/2015 12:25:13 AM | 00.71 |
7 | rrcs-24-106-197-138.se.biz.rr.com (24.106.197.138) | 34 | 4/6/2015 12:56:28 AM | 00.69 |
8 | rrcs-24-106-197-133.se.biz.rr.com (24.106.197.133) | 32 | 4/6/2015 12:04:52 AM | 00.65 |
9 | rrcs-24-106-197-139.se.biz.rr.com (24.106.197.139) | 32 | 4/6/2015 12:17:30 AM | 00.65 |
10 | 10.12.0.247 | 08 | 4/6/2015 6:26:39 PM | 00.16 |
11 | 10.12.0.101 | 03 | 4/6/2015 12:20:43 AM | 00.06 |
12 | 10.12.0.16 | 01 | 4/6/2015 5:00:11 PM | 00.02 |

Top 50 denied protocols

No | Denied protocol | Connections | First denial | % | Comment
1 | UDP/33445 | 646 | 4/6/2015 12:10:09 AM | 13.16 |
2 | UDP/33446 | 605 | 4/6/2015 12:10:10 AM | 12.33 |
3 | UDP/33444 | 569 | 4/6/2015 12:10:08 AM | 11.59 |
4 | UDP/33447 | 443 | 4/6/2015 12:10:11 AM | 09.03 |
5 | TCP/22 - ssh | 231 | 4/6/2015 12:28:34 AM | 04.71 |
6 | UDP/33443 | 208 | 4/6/2015 12:10:21 AM | 04.24 |
7 | ICMP/3 - unreach | 179 | 4/6/2015 12:04:52 AM | 03.65 |
8 | TCP/23 - telnet | 166 | 4/6/2015 1:25:49 AM | 03.38 |
9 | TCP/1433 - ms sql | 110 | 4/6/2015 12:01:26 AM | 02.24 |
10 | UDP/59239 | 104 | 4/6/2015 12:26:00 PM | 02.12 |
11 | TCP/8080 - http proxy | 85 | 4/6/2015 12:05:30 AM | 01.73 |
12 | TCP/5900 - vnc | 82 | 4/6/2015 12:23:31 AM | 01.67 |
13 | TCP/3389 - ms rdp | 77 | 4/6/2015 1:16:35 AM | 01.57 |
14 | UDP/33448 | 73 | 4/6/2015 12:10:39 AM | 01.49 |
15 | UDP/62557 | 66 | 4/6/2015 12:13:56 AM | 01.34 |
16 | UDP/5060 | 59 | 4/6/2015 12:24:00 AM | 01.20 |
17 | UDP/33442 | 58 | 4/6/2015 12:10:20 AM | 01.18 |
18 | UDP/62553 | 54 | 4/6/2015 12:20:10 AM | 01.10 |
19 | UDP/62558 | 46 | 4/6/2015 12:01:39 AM | 00.94 |
20 | UDP/1900 - univ. plug-and-play | 46 | 4/6/2015 2:25:51 AM | 00.94 |
21 | UDP/62559 | 44 | 4/6/2015 12:02:25 AM | 00.90 |
22 | UDP/123 - ntp | 42 | 4/6/2015 12:11:20 AM | 00.86 |
23 | TCP/80 - http | 42 | 4/6/2015 12:30:51 AM | 00.86 |
24 | TCP/3306 - mysql | 33 | 4/6/2015 5:10:47 AM | 00.67 |
25 | TCP/443 - ssl-https | 32 | 4/6/2015 1:39:04 AM | 00.65 |
26 | ICMP/8 - ping | 30 | 4/6/2015 2:18:10 AM | 00.61 |
27 | TCP/9200 | 30 | 4/6/2015 3:00:33 AM | 00.61 |
28 | UDP/53 - dns | 28 | 4/6/2015 1:23:34 AM | 00.57 |
29 | UDP/20179 | 24 | 4/6/2015 1:45:49 AM | 00.49 |
30 | UDP/7532 | 22 | 4/6/2015 6:21:31 AM | 00.45 |
31 | TCP/25 - smtp | 21 | 4/6/2015 7:34:40 AM | 00.43 |
32 | UDP/42234 | 20 | 4/6/2015 8:08:20 AM | 00.41 |
33 | UDP/33437 | 20 | 4/6/2015 12:58:06 PM | 00.41 |
34 | TCP/21320 | 19 | 4/6/2015 5:23:34 AM | 00.39 |
35 | UDP/137 - netbios | 18 | 4/6/2015 4:17:54 AM | 00.37 |
36 | TCP/21 - ftp | 17 | 4/6/2015 2:32:40 AM | 00.35 |
37 | UDP/35052 | 16 | 4/6/2015 12:53:48 AM | 00.33 |
38 | TCP/5631 - pcanywhere | 16 | 4/6/2015 6:55:38 AM | 00.33 |
39 | UDP/19 | 15 | 4/6/2015 12:25:23 PM | 00.31 |
40 | TCP/3128 - squid-http | 13 | 4/6/2015 12:27:35 AM | 00.26 |
41 | UDP/161 - snmp | 13 | 4/6/2015 12:50:38 AM | 00.26 |
42 | TCP/32764 | 13 | 4/6/2015 3:51:44 AM | 00.26 |
43 | UDP/111 | 12 | 4/6/2015 2:38:45 AM | 00.24 |
44 | TCP/4899 - radmin | 12 | 4/6/2015 5:39:45 AM | 00.24 |
45 | TCP/11211 | 10 | 4/6/2015 12:09:30 AM | 00.20 |
46 | ICMP/11 | 10 | 4/6/2015 2:19:05 AM | 00.20 |
47 | UDP/33441 | 10 | 4/6/2015 9:05:30 AM | 00.20 |
48 | UDP/59234 | 10 | 4/6/2015 12:30:17 PM | 00.20 |
49 | TCP/1521 - oracle | 09 | 4/6/2015 12:04:00 AM | 00.18 |
50 | TCP/6379 | 09 | 4/6/2015 12:13:00 AM | 00.18 |



Top 50 denial reasons

No | Denial reason | Connections | First denial | % | Comment
1 | Access group acl_out | 4,719 | 4/6/2015 12:01:26 AM | 96.15 |
2 | No matching connection | 189 | 4/6/2015 12:04:52 AM | 03.85 |



Top 50 denied sources, destinations, protocols and reasons

NoSourceDestinationProtocolReasonConnectionsFirst denial%Comment
1performance-measurement-209-1.wdc002.pnap.net (69.25.27.118)10.12.0.250UDP/33444Access group acl_out724/6/2015 12:10:08 AM1.471 denials recorded on 4/6/2015 1:16:36 PM
288 denials recorded on 4/6/2015 12:10:08 AM
2performance-measurement-209-1.wdc002.pnap.net (69.25.27.118)10.12.0.250UDP/33445Access group acl_out724/6/2015 12:10:09 AM1.47 
3performance-measurement-209-1.wdc002.pnap.net (69.25.27.118)10.12.0.250UDP/33446Access group acl_out724/6/2015 12:10:10 AM1.47 
4performance-measurement-209-1.wdc002.pnap.net (69.25.27.118)10.12.0.250UDP/33447Access group acl_out724/6/2015 12:10:11 AM1.47 
5performance-measurement-2914-1.wdc002.pnap.net (69.25.27.108)10.12.0.250UDP/33444Access group acl_out724/6/2015 12:10:12 AM1.47288 denials recorded on 4/6/2015 12:10:12 AM
6performance-measurement-2914-1.wdc002.pnap.net (69.25.27.108)10.12.0.250UDP/33445Access group acl_out724/6/2015 12:10:13 AM1.47 
7performance-measurement-2914-1.wdc002.pnap.net (69.25.27.108)10.12.0.250UDP/33446Access group acl_out724/6/2015 12:10:14 AM1.47 
8performance-measurement-2914-1.wdc002.pnap.net (69.25.27.108)10.12.0.250UDP/33447Access group acl_out724/6/2015 12:10:15 AM1.47 
969.25.27.11710.12.0.250UDP/33444Access group acl_out724/6/2015 12:10:16 AM1.47288 denials recorded on 4/6/2015 12:10:16 AM
1069.25.27.11710.12.0.250UDP/33445Access group acl_out724/6/2015 12:10:17 AM1.47 
1169.25.27.11710.12.0.250UDP/33446Access group acl_out724/6/2015 12:10:18 AM1.47 
1269.25.27.11710.12.0.250UDP/33447Access group acl_out724/6/2015 12:10:19 AM1.47 
13performance-measurement-701-1.wdc002.pnap.net (69.25.27.111)10.12.0.250UDP/33444Access group acl_out724/6/2015 12:10:28 AM1.47 
14performance-measurement-701-1.wdc002.pnap.net (69.25.27.111)10.12.0.250UDP/33445Access group acl_out724/6/2015 12:10:29 AM1.47 
15performance-measurement-701-1.wdc002.pnap.net (69.25.27.111)10.12.0.250UDP/33446Access group acl_out724/6/2015 12:10:30 AM1.47 
16performance-measurement-1299-1.wdc002.pnap.net (69.25.27.115)10.12.0.250UDP/33443Access group acl_out724/6/2015 12:10:32 AM1.47 
17performance-measurement-1299-1.wdc002.pnap.net (69.25.27.115)10.12.0.250UDP/33444Access group acl_out724/6/2015 12:10:33 AM1.47 
18performance-measurement-1299-1.wdc002.pnap.net (69.25.27.115)10.12.0.250UDP/33445Access group acl_out724/6/2015 12:10:34 AM1.47 
19performance-measurement-1299-1.wdc002.pnap.net (69.25.27.115)10.12.0.250UDP/33446Access group acl_out724/6/2015 12:10:35 AM1.47 
20performance-measurement-7018-1.wdc002.pnap.net (69.25.27.112)10.12.0.250UDP/33445Access group acl_out724/6/2015 12:10:36 AM1.47 
21performance-measurement-7018-1.wdc002.pnap.net (69.25.27.112)10.12.0.250UDP/33446Access group acl_out724/6/2015 12:10:37 AM1.47 
22performance-measurement-7018-1.wdc002.pnap.net (69.25.27.112)10.12.0.250UDP/33447Access group acl_out724/6/2015 12:10:38 AM1.47 
23performance-measurement-7018-1.wdc002.pnap.net (69.25.27.112)10.12.0.250UDP/33448Access group acl_out724/6/2015 12:10:39 AM1.47 
2469.25.27.11410.12.0.250UDP/33443Access group acl_out724/6/2015 12:10:40 AM1.47 
2569.25.27.11410.12.0.250UDP/33444Access group acl_out724/6/2015 12:10:41 AM1.47 
2669.25.27.11410.12.0.250UDP/33445Access group acl_out724/6/2015 12:10:42 AM1.47 
2769.25.27.11410.12.0.250UDP/33446Access group acl_out724/6/2015 12:10:43 AM1.47 
28performance-measurement-174-1.wdc002.pnap.net (69.25.27.110)10.12.0.250UDP/33444Access group acl_out714/6/2015 12:10:22 AM1.45 
29performance-measurement-174-1.wdc002.pnap.net (69.25.27.110)10.12.0.250UDP/33445Access group acl_out714/6/2015 12:10:23 AM1.45 
3069.25.27.11610.12.0.250UDP/33445Access group acl_out714/6/2015 12:10:25 AM1.45 
31performance-measurement-701-1.wdc002.pnap.net (69.25.27.111)10.12.0.250UDP/33447Access group acl_out714/6/2015 12:10:31 AM1.45 
3269.25.27.11610.12.0.250UDP/33446Access group acl_out684/6/2015 12:10:26 AM1.39 
3369.25.27.11610.12.0.250UDP/33444Access group acl_out664/6/2015 12:10:24 AM1.34 
3469.25.27.11610.12.0.250UDP/33447Access group acl_out564/6/2015 12:10:27 AM1.14 
35192.168.109.25210.12.0.250ICMP/3 - unreachNo matching connection504/6/2015 2:56:38 AM1.02 
36performance-measurement-174-1.wdc002.pnap.net (69.25.27.110)10.12.0.250UDP/33443Access group acl_out444/6/2015 12:10:21 AM0.90 
37performance-measurement-174-1.wdc002.pnap.net (69.25.27.110)10.12.0.250UDP/33442Access group acl_out384/6/2015 12:10:20 AM0.77 
38209.107.220.15910.12.2.149UDP/59239Access group acl_out364/6/2015 12:26:00 PM0.73 
39a72-246-184-6.deploy.akamaitechnologies.com (72.246.184.6)10.12.2.149UDP/59239Access group acl_out364/6/2015 12:26:00 PM0.73 
40performance-measurement-174-1.wdc002.pnap.net (69.25.27.110)10.12.0.250UDP/33446Access group acl_out334/6/2015 8:09:24 AM0.67 
4169.22.151.21210.12.2.149UDP/59239Access group acl_out324/6/2015 12:26:00 PM0.65 
42performance-measurement-174-1.wdc002.pnap.net (69.25.27.110)10.12.0.250UDP/33447Access group acl_out284/6/2015 8:09:25 AM0.57 
4369.25.27.5210.12.0.250UDP/33443Access group acl_out204/6/2015 9:05:28 AM0.41 
4469.25.27.8810.12.0.250UDP/33437Access group acl_out204/6/2015 12:58:06 PM0.41 
4569.25.27.9610.12.0.250UDP/33442Access group acl_out204/6/2015 12:58:08 PM0.41 
4669.25.27.2010.12.0.250UDP/33441Access group acl_out104/6/2015 9:05:30 AM0.20 
47a72-246-184-6.deploy.akamaitechnologies.com (72.246.184.6)10.12.2.149UDP/59234Access group acl_out104/6/2015 12:30:17 PM0.20 
48c-98-210-190-18.hsd1.ca.comcast.net (98.210.190.18)10.12.0.12UDP/35052Access group acl_out084/6/2015 12:53:48 AM0.16 
49222.238.189.13310.12.0.248UDP/20179Access group acl_out084/6/2015 7:25:00 AM0.16 
50115-39-154-173.fz.commufa.jp (115.39.154.173)10.12.0.250UDP/42234Access group acl_out084/6/2015 8:08:20 AM0.16 

Top 50 denied protocols and reasons

No | Protocol | Reason | Denials | % | Comment
1 | UDP/33445 | Access group acl_out | 646 | 13.16 |
2 | UDP/33446 | Access group acl_out | 605 | 12.33 |
3 | UDP/33444 | Access group acl_out | 569 | 11.59 |
4 | UDP/33447 | Access group acl_out | 443 | 9.03 |
5 | TCP/22 - ssh | Access group acl_out | 231 | 4.71 |
6 | UDP/33443 | Access group acl_out | 208 | 4.24 |
7 | ICMP/3 - unreach | No matching connection | 179 | 3.65 |
8 | TCP/23 - telnet | Access group acl_out | 166 | 3.38 |
9 | TCP/1433 - ms sql | Access group acl_out | 110 | 2.24 |
10 | UDP/59239 | Access group acl_out | 104 | 2.12 |
11 | TCP/8080 - http proxy | Access group acl_out | 85 | 1.73 |
12 | TCP/5900 - vnc | Access group acl_out | 82 | 1.67 |
13 | TCP/3389 - ms rdp | Access group acl_out | 77 | 1.57 |
14 | UDP/33448 | Access group acl_out | 73 | 1.49 |
15 | UDP/62557 | Access group acl_out | 66 | 1.34 |
16 | UDP/5060 | Access group acl_out | 59 | 1.20 |
17 | UDP/33442 | Access group acl_out | 58 | 1.18 |
18 | UDP/62553 | Access group acl_out | 54 | 1.10 |
19 | UDP/62558 | Access group acl_out | 46 | 0.94 |
20 | UDP/1900 - univ. plug-and-play | Access group acl_out | 46 | 0.94 |
21 | UDP/62559 | Access group acl_out | 44 | 0.90 |
22 | UDP/123 - ntp | Access group acl_out | 42 | 0.86 |
23 | TCP/80 - http | Access group acl_out | 42 | 0.86 |
24 | TCP/3306 - mysql | Access group acl_out | 33 | 0.67 |
25 | TCP/443 - ssl-https | Access group acl_out | 32 | 0.65 |
26 | ICMP/8 - ping | Access group acl_out | 30 | 0.61 |
27 | TCP/9200 | Access group acl_out | 30 | 0.61 |
28 | UDP/53 - dns | Access group acl_out | 28 | 0.57 |
29 | UDP/20179 | Access group acl_out | 24 | 0.49 |
30 | UDP/7532 | Access group acl_out | 22 | 0.45 |
31 | TCP/25 - smtp | Access group acl_out | 21 | 0.43 |
32 | UDP/42234 | Access group acl_out | 20 | 0.41 |
33 | UDP/33437 | Access group acl_out | 20 | 0.41 |
34 | TCP/21320 | Access group acl_out | 19 | 0.39 |
35 | UDP/137 - netbios | Access group acl_out | 18 | 0.37 |
36 | TCP/21 - ftp | Access group acl_out | 17 | 0.35 |
37 | UDP/35052 | Access group acl_out | 16 | 0.33 |
38 | TCP/5631 - pcanywhere | Access group acl_out | 16 | 0.33 |
39 | UDP/19 | Access group acl_out | 15 | 0.31 |
40 | TCP/3128 - squid-http | Access group acl_out | 13 | 0.26 |
41 | UDP/161 - snmp | Access group acl_out | 13 | 0.26 |
42 | TCP/32764 | Access group acl_out | 13 | 0.26 |
43 | UDP/111 | Access group acl_out | 12 | 0.24 |
44 | TCP/4899 - radmin | Access group acl_out | 12 | 0.24 |
45 | TCP/11211 | Access group acl_out | 10 | 0.20 |
46 | ICMP/11 | No matching connection | 10 | 0.20 |
47 | UDP/33441 | Access group acl_out | 10 | 0.20 |
48 | UDP/59234 | Access group acl_out | 10 | 0.20 |
49 | TCP/1521 - oracle | Access group acl_out | 09 | 0.18 |
50 | TCP/6379 | Access group acl_out | 09 | 0.18 |

Firewall: 10.12.0.1 - Interfaces: Not specified

Top 50 VPN users

| No | Source | User | Conns | First conn | Last conn | Comment |
| 1 | 10.12.0.1 | mtyson successfully authenticated using local database | 29 | 4/6/2015 1:10:28 PM | 4/6/2015 1:10:45 PM | |
| 2 | 99-43-176-252.lightspeed.rlghnc.sbcglobal.net (99.43.176.252) | acmuser | 2 | 4/6/2015 2:09:13 PM | 4/6/2015 2:09:13 PM | |
| 3 | 10.12.0.1 | acmuser successfully authenticated using local database | 1 | 4/6/2015 2:09:13 PM | 4/6/2015 2:09:13 PM | |
| 4 | 10.12.0.1 | Tunnel Manager failed to dispatch a KEY_ACQUIRE message. Probable mis-configuration of the crypto map or tunnel-group. Map Tag = Unknown. Map Sequence Number = 0. | 1 | 4/6/2015 2:46:04 PM | 4/6/2015 2:46:04 PM | |



Top 50 LAN-to-LAN VPNs

| No | Source | Destination | Protocol | Conns | First conn | Last conn | Comment |
| 1 | abuse.glsolutions.com (216.228.167.50) | rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130) | IPSEC | 376 | 4/6/2015 12:00:22 AM | 4/6/2015 11:46:42 PM | |
| 2 | 152.46.8.43 | rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130) | IPSEC | 8 | 4/6/2015 2:14:05 AM | 4/6/2015 10:37:56 PM | |



Top 50 denied sources

| No | Source | Connections | First denial | % | Comment |
| 1 | abuse.glsolutions.com (216.228.167.50) | 112 | 4/6/2015 12:00:21 AM | 99.12 | 112 denials recorded on 4/6/2015 12:00:21 AM |
| 2 | 107.154.64.10.ip.incapdns.net (107.154.64.10) | 01 | 4/6/2015 10:05:09 AM | 00.88 | 1 denials recorded on 4/6/2015 10:05:09 AM |

Top 50 destinations for denied connections

| No | Destination | Connections | First denial | % | Comment |
| 1 | 10.12.0.1 | 112 | 4/6/2015 12:00:21 AM | 99.12 | |
| 2 | rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130) | 01 | 4/6/2015 10:05:09 AM | 00.88 | |

Top 50 denied protocols

| No | Denied protocol | Connections | First denial | % | Comment |
| 1 | IPSEC | 112 | 4/6/2015 12:00:21 AM | 99.12 | |
| 2 | TCP/8635 | 01 | 4/6/2015 10:05:09 AM | 00.88 | |



Top 50 denial reasons

| No | Denial reason | Connections | First denial | % | Comment |
| 1 | Received encrypted packet with no matching SA | 112 | 4/6/2015 12:00:21 AM | 99.12 | |
| 2 | Invalid transport field | 01 | 4/6/2015 10:05:09 AM | 00.88 | |



Top 50 denied sources, destinations, protocols and reasons

| No | Source | Destination | Protocol | Reason | Connections | First denial | % | Comment |
| 1 | abuse.glsolutions.com (216.228.167.50) | 10.12.0.1 | IPSEC | Received encrypted packet with no matching SA | 112 | 4/6/2015 12:00:21 AM | 99.12 | 112 denials recorded on 4/6/2015 12:00:21 AM |
| 2 | 107.154.64.10.ip.incapdns.net (107.154.64.10) | rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130) | TCP/8635 | Invalid transport field | 01 | 4/6/2015 10:05:09 AM | 0.88 | 1 denials recorded on 4/6/2015 10:05:09 AM |

Top 50 denied protocols and reasons

| No | Protocol | Reason | Denials | % | Comment |
| 1 | IPSEC | Received encrypted packet with no matching SA | 112 | 99.12 | |
| 2 | TCP/8635 | Invalid transport field | 01 | 0.88 | |

Top 50 warning messages

NoSourceDestinationProtocolWarningCountFirst warning%Comment
1Management10.12.0.1FIREWALL_MANAGEMENTUser authentication failed: Uname: root8764/6/2015 7:53:38 AM47.43 
2202.62.73.86rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)SSHLogin denied for user root4384/6/2015 7:53:38 AM23.71906 denials recorded on 4/6/2015 7:53:28 AM
3Management10.12.0.1FIREWALL_MANAGEMENTAAA user authentication Rejected : reason = Invalid password : local database : user = root4374/6/2015 7:53:38 AM23.66 
410.12.0.110.12.0.1-Drop rate exceeded124/6/2015 7:34:23 AM0.65 
5Management10.12.0.1FIREWALL_MANAGEMENTUser authentication failed: Uname: oracle044/6/2015 7:56:23 AM0.22 
6Management10.12.0.1FIREWALL_MANAGEMENTUser mtyson executed 'show curpriv' command044/6/2015 1:10:32 PM0.22 
7console10.12.0.1TERMINALBegin firewall configuration034/6/2015 1:10:40 PM0.16 
8Management10.12.0.1FIREWALL_MANAGEMENTUser mtyson executed 'configure term' command034/6/2015 1:10:40 PM0.16 
9Management10.12.0.1FIREWALL_MANAGEMENTUser authentication failed: Uname: hamayan024/6/2015 7:53:28 AM0.11 
10Management10.12.0.1FIREWALL_MANAGEMENTUser authentication failed: Uname: dff024/6/2015 7:53:33 AM0.11 
11Management10.12.0.1FIREWALL_MANAGEMENTAAA user authentication Rejected : reason = Invalid password : local database : user = oracle024/6/2015 7:56:23 AM0.11 
12202.62.73.86rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)SSHLogin denied for user oracle024/6/2015 7:56:23 AM0.11 
13Management10.12.0.1FIREWALL_MANAGEMENTUser authentication failed: Uname: test024/6/2015 7:56:28 AM0.11 
14Management10.12.0.1FIREWALL_MANAGEMENTUser authentication failed: Uname: ubuntu024/6/2015 7:56:38 AM0.11 
15Management10.12.0.1FIREWALL_MANAGEMENTUser authentication failed: Uname: git024/6/2015 7:56:43 AM0.11 
16Management10.12.0.1FIREWALL_MANAGEMENTUser authentication failed: Uname: boot024/6/2015 7:56:48 AM0.11 
17Management10.12.0.1FIREWALL_MANAGEMENTUser authentication failed: Uname: 123456024/6/2015 7:56:53 AM0.11 
18Management10.12.0.1FIREWALL_MANAGEMENTUser authentication failed: Uname: 123024/6/2015 7:56:58 AM0.11 
19Management10.12.0.1FIREWALL_MANAGEMENTUser mtyson executed 'show version' command024/6/2015 1:10:32 PM0.11 
20Management10.12.0.1FIREWALL_MANAGEMENTUser mtyson executed 'show running-config aaa authorization' command024/6/2015 1:10:36 PM0.11 
21Management10.12.0.1FIREWALL_MANAGEMENTUser mtyson executed 'show running-config' command024/6/2015 1:10:38 PM0.11 
2210.12.0.110.12.0.1SSLCertificate validation failed. No suitable trustpoints found to validate certificate serial number 250CE8E030612E9F2B89F7054D7CF8FD014/6/2015 6:29:07 AM0.05 
23Management10.12.0.1FIREWALL_MANAGEMENTAAA user authentication Rejected : reason = Invalid password : local database : user = hamayan014/6/2015 7:53:28 AM0.05 
24202.62.73.86rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)SSHLogin denied for user hamayan014/6/2015 7:53:28 AM0.05 
25Management10.12.0.1FIREWALL_MANAGEMENTAAA user authentication Rejected : reason = Invalid password : local database : user = dff014/6/2015 7:53:33 AM0.05 
26202.62.73.86rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)SSHLogin denied for user dff014/6/2015 7:53:33 AM0.05 
27Management10.12.0.1FIREWALL_MANAGEMENTAAA user authentication Rejected : reason = Invalid password : local database : user = test014/6/2015 7:56:28 AM0.05 
28202.62.73.86rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)SSHLogin denied for user test014/6/2015 7:56:28 AM0.05 
29Management10.12.0.1FIREWALL_MANAGEMENTAAA user authentication Rejected : reason = Invalid password : local database : user = ubuntu014/6/2015 7:56:38 AM0.05 
30202.62.73.86rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)SSHLogin denied for user ubuntu014/6/2015 7:56:38 AM0.05 
31Management10.12.0.1FIREWALL_MANAGEMENTAAA user authentication Rejected : reason = Invalid password : local database : user = git014/6/2015 7:56:43 AM0.05 
32202.62.73.86rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)SSHLogin denied for user git014/6/2015 7:56:43 AM0.05 
33Management10.12.0.1FIREWALL_MANAGEMENTAAA user authentication Rejected : reason = Invalid password : local database : user = boot014/6/2015 7:56:48 AM0.05 
34202.62.73.86rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)SSHLogin denied for user boot014/6/2015 7:56:48 AM0.05 
35Management10.12.0.1FIREWALL_MANAGEMENTAAA user authentication Rejected : reason = Invalid password : local database : user = 123456014/6/2015 7:56:53 AM0.05 
36202.62.73.86rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)SSHLogin denied for user 123456014/6/2015 7:56:53 AM0.05 
37Management10.12.0.1FIREWALL_MANAGEMENTAAA user authentication Rejected : reason = Invalid password : local database : user = 123014/6/2015 7:56:58 AM0.05 
38202.62.73.86rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130)SSHLogin denied for user 123014/6/2015 7:56:58 AM0.05 
39Management10.12.0.1FIREWALL_MANAGEMENTUser mtyson executed 'perfmon interval 10' command014/6/2015 1:10:32 PM0.05 
40Management10.12.0.1FIREWALL_MANAGEMENTUser mtyson executed 'show asdm sessions' command014/6/2015 1:10:32 PM0.05 
41Management10.12.0.1FIREWALL_MANAGEMENTUser mtyson executed 'show firewall' command014/6/2015 1:10:32 PM0.05 
42Management10.12.0.1FIREWALL_MANAGEMENTUser mtyson executed 'show module' command014/6/2015 1:10:32 PM0.05 
43Management10.12.0.1FIREWALL_MANAGEMENTUser mtyson executed 'show cluster interface-mode' command014/6/2015 1:10:32 PM0.05 
44Management10.12.0.1FIREWALL_MANAGEMENTUser mtyson executed 'show cluster info' command014/6/2015 1:10:32 PM0.05 
45Management10.12.0.1FIREWALL_MANAGEMENTUser mtyson executed 'show vpn-sessiondb license-summary' command014/6/2015 1:10:36 PM0.05 
46Management10.12.0.1FIREWALL_MANAGEMENTUser mtyson executed 'show running-config route' command014/6/2015 1:10:39 PM0.05 
47Management10.12.0.1FIREWALL_MANAGEMENTUser mtyson executed 'show running-config interface' command014/6/2015 1:10:39 PM0.05 
48Management10.12.0.1FIREWALL_MANAGEMENTUser mtyson executed 'show running-config track' command014/6/2015 1:10:39 PM0.05 
49Management10.12.0.1FIREWALL_MANAGEMENTUser mtyson executed 'show running-config sla monitor' command014/6/2015 1:10:39 PM0.05 
50Management10.12.0.1FIREWALL_MANAGEMENTUser mtyson executed 'show running-config threat-detection' command014/6/2015 1:10:39 PM0.05 

Firewall: 10.12.0.1 - Interfaces: inside to inside

Top 50 denied sources

NoSourceConnectionsFirst denial%Comment
110.12.2.1552,6704/6/2015 9:57:04 AM26.322670 denials recorded on 4/6/2015 9:57:04 AM
210.12.2.1151,4004/6/2015 8:12:43 AM13.801400 denials recorded on 4/6/2015 8:12:43 AM
310.12.2.1231,3264/6/2015 6:54:48 AM13.071326 denials recorded on 4/6/2015 6:54:48 AM
410.12.2.21,0484/6/2015 7:46:51 AM10.33 
510.12.2.1299884/6/2015 8:57:20 AM09.74 
610.12.2.1704214/6/2015 8:04:26 AM04.15 
710.12.0.143334/6/2015 12:00:00 AM03.28 
810.12.0.163034/6/2015 12:03:21 AM02.99 
910.12.0.132944/6/2015 12:01:11 AM02.90 
1010.12.0.122904/6/2015 12:01:28 AM02.86 
1110.12.2.1672494/6/2015 8:03:57 AM02.45 
1210.12.0.1022464/6/2015 12:07:44 AM02.42 
1310.12.2.1541684/6/2015 7:37:40 AM01.66 
1410.12.3.156964/6/2015 2:57:37 PM00.95 
1510.12.2.148834/6/2015 9:00:52 AM00.82 
1610.12.2.0634/6/2015 9:59:22 AM00.62 
1710.12.0.250494/6/2015 1:17:39 AM00.481 denials recorded on 4/6/2015 1:16:36 PM
1810.12.2.178414/6/2015 8:02:48 AM00.40 
1910.12.2.174304/6/2015 1:10:28 PM00.30 
2010.12.2.150144/6/2015 12:01:49 PM00.14 
2110.12.0.248124/6/2015 5:29:39 AM00.12 
2210.12.2.149064/6/2015 12:30:26 PM00.06 
2310.12.2.173024/6/2015 6:57:44 AM00.02 
2410.12.0.109024/6/2015 10:35:08 AM00.02 
2510.12.2.118024/6/2015 11:39:06 AM00.02 
2610.12.2.104024/6/2015 12:51:40 PM00.02 
2710.12.2.1024/6/2015 4:40:22 PM00.02 
2810.12.2.156024/6/2015 6:05:10 PM00.02 
2910.12.2.159014/6/2015 7:01:28 AM00.01 
3010.12.2.134014/6/2015 8:02:48 AM00.01 
3110.12.2.181014/6/2015 9:46:18 AM00.01 
3210.12.2.137014/6/2015 11:37:34 AM00.01 

Top 50 destinations for denied connections

NoDestinationConnectionsFirst denial%Comment
1a23-62-6-51.deploy.static.akamaitechnologies.com (23.62.6.51)3594/6/2015 12:01:28 AM03.54 
2a23-62-6-48.deploy.static.akamaitechnologies.com (23.62.6.48)3424/6/2015 12:01:11 AM03.37 
3portal.videxio.com (46.137.184.162)2464/6/2015 12:07:44 AM02.42 
4a23-62-6-66.deploy.static.akamaitechnologies.com (23.62.6.66)2204/6/2015 6:54:48 AM02.17 
593.184.216.2291774/6/2015 11:15:44 AM01.74 
6a23-62-6-59.deploy.static.akamaitechnologies.com (23.62.6.59)1714/6/2015 6:54:48 AM01.69 
724.143.196.1071204/6/2015 8:49:09 AM01.18 
8iad23s43-in-f142.1e100.net (216.58.217.142)1194/6/2015 7:52:35 AM01.17 
9iad23s43-in-f2.1e100.net (216.58.217.130)1014/6/2015 8:57:46 AM01.00 
1023.235.39.65994/6/2015 10:35:59 AM00.98 
11192.168.1.1894/6/2015 12:00:00 AM00.88 
12138.108.6.206864/6/2015 11:12:10 AM00.85 
1324.143.196.98824/6/2015 9:20:16 AM00.81 
14a23-62-6-75.deploy.static.akamaitechnologies.com (23.62.6.75)794/6/2015 12:58:21 AM00.78 
15a96-6-113-193.deploy.akamaitechnologies.com (96.6.113.193)794/6/2015 11:08:46 AM00.78 
16a23-0-160-65.deploy.static.akamaitechnologies.com (23.0.160.65)774/6/2015 12:59:34 PM00.76 
17iad23s43-in-f129.1e100.net (216.58.217.129)724/6/2015 8:57:46 AM00.71 
18173.252.112.23704/6/2015 7:56:55 AM00.69845 denials recorded on 4/6/2015 6:58:05 AM
19a23-218-100-199.deploy.static.akamaitechnologies.com (23.218.100.199)674/6/2015 6:54:48 AM00.66 
20host.impwebhost2.com (67.225.164.162)674/6/2015 8:49:48 AM00.66 
21138.108.7.206584/6/2015 10:36:00 AM00.57 
22a96-6-113-58.deploy.akamaitechnologies.com (96.6.113.58)564/6/2015 2:45:54 AM00.55 
23qg-in-f95.1e100.net (74.125.29.95)534/6/2015 8:49:49 AM00.52 
24199.27.76.64534/6/2015 11:41:20 AM00.52 
25a23-0-160-72.deploy.static.akamaitechnologies.com (23.0.160.72)524/6/2015 1:30:03 PM00.51 
26a96-6-113-120.deploy.akamaitechnologies.com (96.6.113.120)514/6/2015 2:58:22 AM00.50 
27ec2-23-21-43-218.compute-1.amazonaws.com (23.21.43.218)484/6/2015 8:57:47 AM00.47 
28ec2-54-243-39-151.compute-1.amazonaws.com (54.243.39.151)484/6/2015 10:17:58 AM00.47 
29iad23s43-in-f3.1e100.net (216.58.217.131)474/6/2015 8:57:46 AM00.46 
3074.201.141.140474/6/2015 11:15:44 AM00.46 
3123.235.46.207464/6/2015 11:35:49 AM00.45 
32a96-6-113-153.deploy.akamaitechnologies.com (96.6.113.153)444/6/2015 11:09:06 AM00.43 
33107.14.34.83444/6/2015 3:38:30 PM00.43 
3424.143.200.224424/6/2015 3:46:10 PM00.41 
35a23-0-160-49.deploy.static.akamaitechnologies.com (23.0.160.49)404/6/2015 12:03:21 AM00.39 
36UNKNOWN-66-196-120-X.yahoo.com (66.196.120.100)404/6/2015 8:15:28 AM00.39 
37na-in-f95.1e100.net (64.233.171.95)394/6/2015 8:58:36 AM00.38 
3869.25.24.27394/6/2015 9:58:11 AM00.38 
39ec2-107-22-184-136.compute-1.amazonaws.com (107.22.184.136)394/6/2015 11:14:58 AM00.38 
40a96-17-197-24.deploy.akamaitechnologies.com (96.17.197.24)394/6/2015 11:15:44 AM00.38 
4124.143.200.240384/6/2015 3:44:43 PM00.37 
42a23-196-2-22.deploy.static.akamaitechnologies.com (23.196.2.22)374/6/2015 11:37:17 AM00.36 
4323.235.46.143374/6/2015 6:06:39 PM00.36 
4469.2.216.140364/6/2015 9:51:33 AM00.35 
4523.235.46.65364/6/2015 11:50:42 AM00.35 
46iadvizevip01.ikoula.com (94.125.164.112)364/6/2015 3:46:57 PM00.35 
4794.31.29.154.IPYX-077437-ZYO.above.net (94.31.29.154)354/6/2015 8:49:49 AM00.34 
48a23-218-107-150.deploy.static.akamaitechnologies.com (23.218.107.150)344/6/2015 11:41:00 AM00.34 
49199.27.76.207334/6/2015 9:58:11 AM00.33 
5069.25.24.25334/6/2015 9:58:11 AM00.33 

Top 50 denied protocols

NoDenied protocolConnectionsFirst denial%Comment
1TCP/80 - http9,6894/6/2015 12:00:51 AM95.50 
2TCP/443 - ssl-https3474/6/2015 12:07:44 AM03.42 
3TCP/50641094/6/2015 2:44:56 PM00.09 
4TCP/60520044/6/2015 6:00:51 AM00.04 
5TCP/6119034/6/2015 5:29:39 AM00.03 
6TCP/135 - ms rpc034/6/2015 5:59:39 PM00.03 
7TCP/4865034/6/2015 8:01:07 PM00.03 
8TCP/1980034/6/2015 9:02:58 PM00.03 
9TCP/2541034/6/2015 9:40:21 PM00.03 
10TCP/3011034/6/2015 10:05:17 PM00.03 
11TCP/3185034/6/2015 10:17:45 PM00.03 
12TCP/3380034/6/2015 10:30:13 PM00.03 
13TCP/3812034/6/2015 10:54:55 PM00.03 
14TCP/4072034/6/2015 11:07:22 PM00.03 
15TCP/4440034/6/2015 11:32:04 PM00.03 
16TCP/4639034/6/2015 11:44:32 PM00.03 
17TCP/61189024/6/2015 10:23:48 PM00.02 
18TCP/4445014/6/2015 12:00:00 AM00.01 
19TCP/4647014/6/2015 12:08:00 AM00.01 
20TCP/4800014/6/2015 12:15:48 AM00.01 
21TCP/4833014/6/2015 12:18:00 AM00.01 
22TCP/1351014/6/2015 12:45:48 AM00.01 
23TCP/1386014/6/2015 12:48:00 AM00.01 
24TCP/1653014/6/2015 1:00:48 AM00.01 
25TCP/1899014/6/2015 1:15:48 AM00.01 
26TCP/1935014/6/2015 1:18:00 AM00.01 
27TCP/2126014/6/2015 1:30:48 AM00.01 
28TCP/2261014/6/2015 1:38:00 AM00.01 
29TCP/2378014/6/2015 1:45:48 AM00.01 
30TCP/2414014/6/2015 1:48:00 AM00.01 
31TCP/2687014/6/2015 2:00:48 AM00.01 
32TCP/2784014/6/2015 2:08:00 AM00.01 
33TCP/2893014/6/2015 2:15:49 AM00.01 
34TCP/3120014/6/2015 2:30:49 AM00.01 
35TCP/3405014/6/2015 2:45:49 AM00.01 
36TCP/3578014/6/2015 2:58:00 AM00.01 
37TCP/3815014/6/2015 3:08:00 AM00.01 
38TCP/3923014/6/2015 3:15:49 AM00.01 
39TCP/4168014/6/2015 3:30:49 AM00.01 
40TCP/4413014/6/2015 3:45:49 AM00.01 
41TCP/4720014/6/2015 4:00:49 AM00.01 
42TCP/4856014/6/2015 4:08:00 AM00.01 
43TCP/4965014/6/2015 4:15:49 AM00.01 
44TCP/1228014/6/2015 4:30:49 AM00.01 
45TCP/1370014/6/2015 4:38:00 AM00.01 
46TCP/1519014/6/2015 4:45:49 AM00.01 
47TCP/1689014/6/2015 4:58:00 AM00.01 
48TCP/2086014/6/2015 5:15:49 AM00.01 
49TCP/2311014/6/2015 5:30:49 AM00.01 
50TCP/2556014/6/2015 5:45:49 AM00.01 



Top 50 denial reasons

| No | Denial reason | Connections | First denial | % | Comment |
| 1 | No connection | 10,137 | 4/6/2015 12:00:00 AM | 99.91 | |
| 2 | TCP flags ACK | 09 | 4/6/2015 2:44:56 PM | 00.09 | |



Top 50 denied sources, destinations, protocols and reasons

NoSourceDestinationProtocolReasonConnectionsFirst denial%Comment
110.12.0.13a23-62-6-48.deploy.static.akamaitechnologies.com (23.62.6.48)TCP/80 - httpNo connection2884/6/2015 12:01:11 AM2.84 
210.12.0.12a23-62-6-51.deploy.static.akamaitechnologies.com (23.62.6.51)TCP/80 - httpNo connection2884/6/2015 12:01:28 AM2.84 
310.12.0.102portal.videxio.com (46.137.184.162)TCP/443 - ssl-httpsNo connection2464/6/2015 12:07:44 AM2.42 
410.12.2.15593.184.216.229TCP/80 - httpNo connection1584/6/2015 11:15:44 AM1.562670 denials recorded on 4/6/2015 9:57:04 AM
510.12.2.15524.143.196.107TCP/80 - httpNo connection1134/6/2015 11:15:44 AM1.11 
610.12.2.12323.235.39.65TCP/80 - httpNo connection994/6/2015 10:35:59 AM0.981326 denials recorded on 4/6/2015 6:54:48 AM
710.12.2.123138.108.6.206TCP/80 - httpNo connection864/6/2015 11:12:10 AM0.85 
810.12.2.15524.143.196.98TCP/80 - httpNo connection714/6/2015 11:15:44 AM0.70 
910.12.2.123138.108.7.206TCP/80 - httpNo connection584/6/2015 10:36:00 AM0.57 
1010.12.2.123199.27.76.64TCP/80 - httpNo connection514/6/2015 12:16:22 PM0.50 
1110.12.0.16a23-62-6-75.deploy.static.akamaitechnologies.com (23.62.6.75)TCP/80 - httpNo connection424/6/2015 12:58:21 AM0.41 
1210.12.2.178UNKNOWN-66-196-120-X.yahoo.com (66.196.120.100)TCP/443 - ssl-httpsNo connection404/6/2015 8:15:28 AM0.39 
1310.12.2.15574.201.141.140TCP/80 - httpNo connection394/6/2015 11:15:44 AM0.38 
1410.12.2.155a96-17-197-24.deploy.akamaitechnologies.com (96.17.197.24)TCP/80 - httpNo connection394/6/2015 11:15:44 AM0.38 
1510.12.2.115host.impwebhost2.com (67.225.164.162)TCP/80 - httpNo connection394/6/2015 1:46:32 PM0.381400 denials recorded on 4/6/2015 8:12:43 AM
1610.12.0.14a96-6-113-58.deploy.akamaitechnologies.com (96.6.113.58)TCP/80 - httpNo connection374/6/2015 2:45:54 AM0.36 
1710.12.2.115a23-62-6-59.deploy.static.akamaitechnologies.com (23.62.6.59)TCP/80 - httpNo connection374/6/2015 8:17:10 AM0.36 
1810.12.2.15523.235.46.143TCP/80 - httpNo connection374/6/2015 6:06:39 PM0.36 
1910.12.0.16a96-6-113-120.deploy.akamaitechnologies.com (96.6.113.120)TCP/80 - httpNo connection364/6/2015 2:58:22 AM0.35 
2010.12.0.14a23-62-6-75.deploy.static.akamaitechnologies.com (23.62.6.75)TCP/80 - httpNo connection364/6/2015 7:15:58 AM0.35 
2110.12.2.12969.2.216.140TCP/80 - httpNo connection364/6/2015 9:51:33 AM0.35 
2210.12.2.129ec2-23-21-43-218.compute-1.amazonaws.com (23.21.43.218)TCP/80 - httpNo connection364/6/2015 9:53:25 AM0.35 
2310.12.2.115ec2-54-243-39-151.compute-1.amazonaws.com (54.243.39.151)TCP/80 - httpNo connection364/6/2015 11:35:49 AM0.35 
2410.12.2.12323.235.46.65TCP/80 - httpNo connection364/6/2015 11:50:42 AM0.35 
2510.12.3.156iadvizevip01.ikoula.com (94.125.164.112)TCP/80 - httpNo connection364/6/2015 3:46:57 PM0.35 
2610.12.2.155ec2-107-22-184-136.compute-1.amazonaws.com (107.22.184.136)TCP/80 - httpNo connection354/6/2015 11:14:58 AM0.34 
2710.12.2.2a23-62-6-66.deploy.static.akamaitechnologies.com (23.62.6.66)TCP/80 - httpNo connection344/6/2015 7:46:51 AM0.34 
2810.12.2.154a23-62-6-66.deploy.static.akamaitechnologies.com (23.62.6.66)TCP/80 - httpNo connection334/6/2015 7:37:40 AM0.33 
2910.12.2.170a23-62-6-66.deploy.static.akamaitechnologies.com (23.62.6.66)TCP/80 - httpNo connection334/6/2015 8:04:26 AM0.33 
3010.12.2.123iad23s43-in-f142.1e100.net (216.58.217.142)TCP/80 - httpNo connection334/6/2015 10:37:21 AM0.33 
3110.12.2.11523.235.46.207TCP/80 - httpNo connection334/6/2015 11:35:49 AM0.33 
3210.12.2.115cluster3.convio.net (69.48.252.146)TCP/80 - httpNo connection324/6/2015 10:06:50 AM0.32 
3310.12.0.16a23-0-160-66.deploy.static.akamaitechnologies.com (23.0.160.66)TCP/80 - httpNo connection314/6/2015 12:58:28 PM0.31 
3410.12.0.14a23-62-6-51.deploy.static.akamaitechnologies.com (23.62.6.51)TCP/80 - httpNo connection304/6/2015 12:45:52 AM0.30 
3510.12.0.14a23-62-6-48.deploy.static.akamaitechnologies.com (23.62.6.48)TCP/80 - httpNo connection304/6/2015 1:15:52 AM0.30 
3610.12.2.123a23-196-2-22.deploy.static.akamaitechnologies.com (23.196.2.22)TCP/80 - httpNo connection304/6/2015 12:16:22 PM0.30 
3710.12.0.1424.143.200.224TCP/80 - httpNo connection304/6/2015 3:46:10 PM0.30 
3810.12.2.115a23-62-6-66.deploy.static.akamaitechnologies.com (23.62.6.66)TCP/80 - httpNo connection294/6/2015 8:12:43 AM0.29 
3910.12.2.2216-136-78-70.static.twtelecom.net (216.136.78.70)TCP/80 - httpNo connection294/6/2015 9:18:12 AM0.29 
4010.12.2.155a104-64-77-83.deploy.static.akamaitechnologies.com (104.64.77.83)TCP/80 - httpNo connection294/6/2015 11:15:44 AM0.29 
4110.12.2.123199.27.76.65TCP/80 - httpNo connection294/6/2015 1:22:00 PM0.29 
4210.12.2.17410.12.0.1TCP/443 - ssl-httpsNo connection284/6/2015 1:10:28 PM0.28 
4310.12.2.2iad23s43-in-f3.1e100.net (216.58.217.131)TCP/80 - httpNo connection274/6/2015 9:18:12 AM0.27 
4410.12.2.155iad23s43-in-f2.1e100.net (216.58.217.130)TCP/80 - httpNo connection274/6/2015 11:15:44 AM0.27 
4510.12.2.155a23-62-236-27.deploy.static.akamaitechnologies.com (23.62.236.27)TCP/80 - httpNo connection274/6/2015 6:44:04 PM0.27 
4610.12.2.167a23-62-6-59.deploy.static.akamaitechnologies.com (23.62.6.59)TCP/80 - httpNo connection264/6/2015 8:03:57 AM0.26 
4710.12.2.12374.201.198.71TCP/80 - httpNo connection264/6/2015 12:16:22 PM0.26 
4810.12.2.123173.252.112.23TCP/80 - httpNo connection264/6/2015 12:16:22 PM0.26845 denials recorded on 4/6/2015 6:58:05 AM
4910.12.2.2a23-62-6-59.deploy.static.akamaitechnologies.com (23.62.6.59)TCP/80 - httpNo connection254/6/2015 7:46:51 AM0.25 
5010.12.2.148www.wip.ncbi.nlm.nih.gov (130.14.29.110)TCP/80 - httpNo connection254/6/2015 9:14:17 AM0.25 

Top 50 denied protocols and reasons

NoProtocolReasonDenials%Comment
1TCP/80 - httpNo connection9,68995.50 
2TCP/443 - ssl-httpsNo connection3473.42 
3TCP/50641TCP flags ACK 090.09 
4TCP/60520No connection040.04 
5TCP/6119No connection030.03 
6TCP/135 - ms rpcNo connection030.03 
7TCP/4865No connection030.03 
8TCP/1980No connection030.03 
9TCP/2541No connection030.03 
10TCP/3011No connection030.03 
11TCP/3185No connection030.03 
12TCP/3380No connection030.03 
13TCP/3812No connection030.03 
14TCP/4072No connection030.03 
15TCP/4440No connection030.03 
16TCP/4639No connection030.03 
17TCP/61189No connection020.02 
18TCP/4445No connection010.01 
19TCP/4647No connection010.01 
20TCP/4800No connection010.01 
21TCP/4833No connection010.01 
22TCP/1351No connection010.01 
23TCP/1386No connection010.01 
24TCP/1653No connection010.01 
25TCP/1899No connection010.01 
26TCP/1935No connection010.01 
27TCP/2126No connection010.01 
28TCP/2261No connection010.01 
29TCP/2378No connection010.01 
30TCP/2414No connection010.01 
31TCP/2687No connection010.01 
32TCP/2784No connection010.01 
33TCP/2893No connection010.01 
34TCP/3120No connection010.01 
35TCP/3405No connection010.01 
36TCP/3578No connection010.01 
37TCP/3815No connection010.01 
38TCP/3923No connection010.01 
39TCP/4168No connection010.01 
40TCP/4413No connection010.01 
41TCP/4720No connection010.01 
42TCP/4856No connection010.01 
43TCP/4965No connection010.01 
44TCP/1228No connection010.01 
45TCP/1370No connection010.01 
46TCP/1519No connection010.01 
47TCP/1689No connection010.01 
48TCP/2086No connection010.01 
49TCP/2311No connection010.01 
50TCP/2556No connection010.01 

Firewall: 10.12.0.1 - Interfaces: outside to outside

Top 50 denied sources

NoSourceConnectionsFirst denial%Comment
1202.62.73.869064/6/2015 7:53:28 AM07.17906 denials recorded on 4/6/2015 7:53:28 AM
2173.252.112.238454/6/2015 6:58:05 AM06.69845 denials recorded on 4/6/2015 6:58:05 AM
310.12.0.2247684/6/2015 2:15:37 PM06.08768 denials recorded on 4/6/2015 2:15:37 PM
4cust-vip1-dc7.logicmonitor.com (69.25.43.192)6394/6/2015 12:10:32 AM05.06 
5bc16288.bendcable.com (216.228.162.88)5044/6/2015 7:46:03 AM03.99 
693.184.215.2003404/6/2015 5:46:51 AM02.69 
7webmail.ncmedboard.org (152.46.8.115)3024/6/2015 7:28:29 AM02.39 
8xx-fbcdn-shv-02-dft4.fbcdn.net (31.13.66.5)2804/6/2015 7:34:54 AM02.22 
9a23-62-6-73.deploy.static.akamaitechnologies.com (23.62.6.73)2734/6/2015 7:31:32 AM02.16 
10a23-62-6-80.deploy.static.akamaitechnologies.com (23.62.6.80)2414/6/2015 7:59:37 AM01.91 
11a23-62-6-74.deploy.static.akamaitechnologies.com (23.62.6.74)2254/6/2015 10:31:38 AM01.78 
12176.121.88.111844/6/2015 12:07:44 AM01.46 
13a23-218-43-196.deploy.static.akamaitechnologies.com (23.218.43.196)1844/6/2015 9:22:29 AM01.46 
1424.143.200.1791744/6/2015 4:28:21 PM01.38 
15zd-20-multi.zetta.net (199.204.173.20)1534/6/2015 7:01:27 PM01.21 
16a23-0-160-26.deploy.static.akamaitechnologies.com (23.0.160.26)1454/6/2015 1:06:00 PM01.15 
17smpstatus.zetta.net (74.114.124.56)1454/6/2015 6:42:07 PM01.15 
18a23-0-160-25.deploy.static.akamaitechnologies.com (23.0.160.25)1244/6/2015 1:08:15 PM00.98 
19a23-62-6-75.deploy.static.akamaitechnologies.com (23.62.6.75)1194/6/2015 10:07:44 AM00.94 
20a1plpkivs-v03.any.prod.ash1.secureserver.net (72.167.239.239)1184/6/2015 6:50:52 AM00.93 
21132.245.54.981104/6/2015 12:41:07 PM00.87 
22d3-5-0-5-0.a00.nycmny03.us.ra.verio.net (165.254.46.17)1034/6/2015 7:34:54 AM00.81 
23ec2-54-84-129-165.compute-1.amazonaws.com (54.84.129.165)894/6/2015 7:30:20 AM00.70 
24199.16.156.120864/6/2015 7:35:35 AM00.68 
25e6.08.7e4b.ip4.static.sl-reverse.com (75.126.8.230)804/6/2015 7:31:54 AM00.63 
26vip0x008.map2.ssl.hwcdn.net (209.197.3.8)794/6/2015 4:25:04 PM00.63 
27a23-62-236-35.deploy.static.akamaitechnologies.com (23.62.236.35)734/6/2015 4:28:16 PM00.58 
28i5-h0-s1021.p1-iad.cdngp.net (66.114.52.209)704/6/2015 11:51:58 AM00.55 
29a23-0-160-43.deploy.static.akamaitechnologies.com (23.0.160.43)694/6/2015 3:09:25 PM00.55 
30108.161.189.92684/6/2015 10:34:03 AM00.54 
3124.143.196.41684/6/2015 1:46:56 PM00.54 
3267.225.164.138654/6/2015 8:30:24 AM00.51 
3324.143.200.217634/6/2015 4:58:36 PM00.50 
34deadiversion.usdoj.gov (149.101.57.30)614/6/2015 9:35:23 AM00.48 
35192.16.31.49604/6/2015 6:55:47 AM00.47 
3624.143.196.64574/6/2015 1:52:54 PM00.45 
3724.143.200.251574/6/2015 4:33:14 PM00.45 
38ec2-52-4-187-229.compute-1.amazonaws.com (52.4.187.229)564/6/2015 7:58:51 AM00.44 
3923.235.39.64564/6/2015 12:18:22 PM00.44 
40ec2-54-174-89-71.compute-1.amazonaws.com (54.174.89.71)544/6/2015 7:33:00 AM00.43 
41a23-0-160-82.deploy.static.akamaitechnologies.com (23.0.160.82)524/6/2015 2:43:46 PM00.41 
4269.172.216.55494/6/2015 8:04:21 AM00.39 
43yk-in-f105.1e100.net (74.125.196.105)494/6/2015 12:32:52 PM00.39 
44bc161106.bendcable.com (216.228.161.106)484/6/2015 8:49:01 AM00.38 
4593.184.216.163484/6/2015 10:43:15 AM00.38 
46a23-196-20-218.deploy.static.akamaitechnologies.com (23.196.20.218)474/6/2015 7:41:51 AM00.37 
47a-0001.a-msedge.net (204.79.197.200)464/6/2015 1:21:40 PM00.36 
48li893-156.members.linode.com (45.56.91.156)414/6/2015 8:58:33 AM00.32 
49iad23s43-in-f142.1e100.net (216.58.217.142)404/6/2015 8:25:46 AM00.32 
5024.143.200.233404/6/2015 4:23:56 PM00.32 

Top 50 destinations for denied connections

| No | Destination | Connections | First denial | % | Comment |
| 1 | rrcs-24-106-197-131.se.biz.rr.com (24.106.197.131) | 10,139 | 4/6/2015 12:07:44 AM | 80.21 | |
| 2 | 10.12.2.127 | 766 | 4/6/2015 2:15:37 PM | 06.06 | |
| 3 | rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130) | 642 | 4/6/2015 12:20:47 AM | 05.08 | |
| 4 | 10.12.0.1 | 535 | 4/6/2015 12:20:46 AM | 04.23 | |
| 5 | rrcs-24-106-197-138.se.biz.rr.com (24.106.197.138) | 446 | 4/6/2015 12:10:32 AM | 03.53 | |
| 6 | rrcs-24-106-197-136.se.biz.rr.com (24.106.197.136) | 35 | 4/6/2015 1:21:16 AM | 00.28 | |
| 7 | rrcs-24-106-197-139.se.biz.rr.com (24.106.197.139) | 30 | 4/6/2015 12:50:50 AM | 00.24 | |
| 8 | rrcs-24-106-197-133.se.biz.rr.com (24.106.197.133) | 23 | 4/6/2015 12:08:32 AM | 00.18 | |
| 9 | rrcs-24-106-197-137.se.biz.rr.com (24.106.197.137) | 22 | 4/6/2015 12:49:03 AM | 00.17 | |
| 10 | 10.12.0.16 | 02 | 4/6/2015 2:16:19 PM | 00.02 | |

Top 50 denied protocols

NoDenied protocolConnectionsFirst denial%Comment
1TCP/8080 - http proxy6684/6/2015 11:12:31 AM05.28 
2TCP/22 - ssh5674/6/2015 12:20:47 AM04.49 
3SSH4984/6/2015 12:20:46 AM03.94 
4TCP/51933604/6/2015 10:52:23 AM00.47 
5TCP/53695574/6/2015 12:42:03 PM00.45 
6TCP/54386564/6/2015 1:06:00 PM00.44 
7TCP/54111544/6/2015 11:43:26 AM00.43 
8TCP/23 - telnet514/6/2015 3:45:05 AM00.40 
9TCP/53407514/6/2015 10:07:01 AM00.40 
10TCP/54570514/6/2015 1:28:20 PM00.40 
11TCP/56984474/6/2015 1:24:28 PM00.37 
12TCP/54385424/6/2015 1:06:00 PM00.33 
13TCP/35912414/6/2015 7:31:54 AM00.32 
14TCP/41960394/6/2015 7:31:59 AM00.31 
15TCP/49949394/6/2015 8:06:05 AM00.31 
16TCP/52342374/6/2015 10:34:17 AM00.29 
17TCP/48149374/6/2015 6:22:24 PM00.29 
18TCP/49011354/6/2015 4:28:21 PM00.28 
19TCP/50434344/6/2015 8:47:41 AM00.27 
20TCP/51069344/6/2015 11:51:58 AM00.27 
21ICMP/3 - unreach334/6/2015 12:24:40 AM00.26 
22TCP/49698334/6/2015 7:31:27 AM00.26 
23TCP/51243334/6/2015 9:02:13 AM00.26 
24TCP/44137334/6/2015 12:43:50 PM00.26 
25TCP/58349334/6/2015 1:32:46 PM00.26 
26TCP/56225334/6/2015 5:27:24 PM00.26 
27TCP/57037324/6/2015 7:59:37 AM00.25 
28TCP/50433324/6/2015 8:47:41 AM00.25 
29TCP/39796324/6/2015 10:34:03 AM00.25 
30TCP/50798324/6/2015 10:34:17 AM00.25 
31TCP/52207324/6/2015 10:51:35 AM00.25 
32TCP/55971324/6/2015 11:37:52 AM00.25 
33TCP/57813324/6/2015 2:43:46 PM00.25 
34TCP/40399324/6/2015 4:57:32 PM00.25 
35TCP/49724314/6/2015 7:31:32 AM00.25 
36TCP/50801314/6/2015 11:01:28 AM00.25 
37TCP/54388304/6/2015 1:06:00 PM00.24 
38TCP/52669304/6/2015 3:09:25 PM00.24 
39TCP/37967304/6/2015 4:28:22 PM00.24 
40TCP/50435294/6/2015 9:46:07 AM00.23 
41TCP/52022294/6/2015 10:31:38 AM00.23 
42TCP/50150284/6/2015 3:46:52 PM00.22 
43TCP/49727274/6/2015 7:31:33 AM00.21 
44TCP/55548274/6/2015 12:51:57 PM00.21 
45TCP/35761274/6/2015 4:28:21 PM00.21 
46TCP/51228274/6/2015 4:49:41 PM00.21 
47TCP/45197264/6/2015 9:56:07 AM00.21 
48TCP/33789264/6/2015 10:25:34 AM00.21 
49TCP/53705264/6/2015 12:42:03 PM00.21 
50TCP/48599264/6/2015 4:28:16 PM00.21 



Top 50 denial reasons

| No | Denial reason | Connections | First denial | % | Comment |
| 1 | No connection | 12,030 | 4/6/2015 12:07:44 AM | 95.17 | |
| 2 | SSH session disconnected - Reset by client | 446 | 4/6/2015 7:53:28 AM | 03.53 | |
| 3 | Denied by ACL | 75 | 4/6/2015 12:34:11 AM | 00.59 | |
| 4 | SSH session disconnected - Unsupported protocol version | 42 | 4/6/2015 12:20:46 AM | 00.33 | |
| 5 | Denied ICMP | 37 | 4/6/2015 12:24:40 AM | 00.29 | |
| 6 | SSH session disconnected - TCP connection closed | 08 | 4/6/2015 3:12:01 AM | 00.06 | |
| 7 | SSH session disconnected - Time-out activated | 01 | 4/6/2015 7:54:26 AM | 00.01 | |
| 8 | SSH session disconnected - Invalid format in version string | 01 | 4/6/2015 10:01:49 PM | 00.01 | |



Top 50 denied sources, destinations, protocols and reasons

| No | Source | Destination | Protocol | Reason | Connections | First denial | % | Comment |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 1 | 10.12.0.224 | 10.12.2.127 | TCP/8080 - http proxy | No connection | 667 | 4/6/2015 2:15:37 PM | 5.28 | 768 denials recorded on 4/6/2015 2:15:37 PM |
| 2 | 202.62.73.86 | rrcs-24-106-197-130.se.biz.rr.com (24.106.197.130) | TCP/22 - ssh | No connection | 457 | 4/6/2015 7:53:28 AM | 3.62 | 906 denials recorded on 4/6/2015 7:53:28 AM |
| 3 | 202.62.73.86 | 10.12.0.1 | SSH | SSH session disconnected - Reset by client | 446 | 4/6/2015 7:53:28 AM | 3.53 | |
| 4 | 132.245.54.98 | rrcs-24-106-197-131.se.biz.rr.com (24.106.197.131) | TCP/53695 | No connection | 57 | 4/6/2015 12:42:03 PM | 0.45 | |
| 5 | a23-0-160-26.deploy.static.akamaitechnologies.com (23.0.160.26) | rrcs-24-106-197-131.se.biz.rr.com (24.106.197.131) | TCP/54386 | No connection | 56 | 4/6/2015 1:06:00 PM | 0.44 | |
| 6 | 67.225.164.138 | rrcs-24-106-197-131.se.biz.rr.com (24.106.197.131) | TCP/54570 | No connection | 50 | 4/6/2015 1:28:20 PM | 0.40 | |
| 7 | 24.143.200.217 | rrcs-24-106-197-131.se.biz.rr.com (24.106.197.131) | TCP/53407 | No connection | 50 | 4/6/2015 4:58:36 PM | 0.40 | |
| 8 | yk-in-f105.1e100.net (74.125.196.105) | rrcs-24-106-197-131.se.biz.rr.com (24.106.197.131) | TCP/51933 | No connection | 49 | 4/6/2015 12:32:52 PM | 0.39 | |
| 9 | 24.143.200.179 | rrcs-24-106-197-131.se.biz.rr.com (24.106.197.131) | TCP/56984 | No connection | 46 | 4/6/2015 4:29:02 PM | 0.36 | |
| 10 | a23-0-160-26.deploy.static.akamaitechnologies.com (23.0.160.26) | rrcs-24-106-197-131.se.biz.rr.com (24.106.197.131) | TCP/54385 | No connection | 42 | 4/6/2015 1:06:00 PM | 0.33 | |
| 11 | e6.08.7e4b.ip4.static.sl-reverse.com (75.126.8.230) | rrcs-24-106-197-131.se.biz.rr.com (24.106.197.131) | TCP/35912 | No connection | 41 | 4/6/2015 7:31:54 AM | 0.32 | |
| 12 | e6.08.7e4b.ip4.static.sl-reverse.com (75.126.8.230) | rrcs-24-106-197-131.se.biz.rr.com (24.106.197.131) | TCP/41960 | No connection | 39 | 4/6/2015 7:31:59 AM | 0.31 | |
| 13 | bc16288.bendcable.com (216.228.162.88) | rrcs-24-106-197-131.se.biz.rr.com (24.106.197.131) | TCP/49949 | No connection | 39 | 4/6/2015 8:06:05 AM | 0.31 | |
| 14 | 192.16.31.49 | rrcs-24-106-197-131.se.biz.rr.com (24.106.197.131) | TCP/48149 | No connection | 37 | 4/6/2015 6:22:24 PM | 0.29 | |
| 15 | 108.161.189.92 | rrcs-24-106-197-131.se.biz.rr.com (24.106.197.131) | TCP/52342 | No connection | 36 | 4/6/2015 10:34:17 AM | 0.28 | |
| 16 | 24.143.200.179 | rrcs-24-106-197-131.se.biz.rr.com (24.106.197.131) | TCP/49011 | No connection | 35 | 4/6/2015 4:28:21 PM | 0.28 | |
| 17 | i5-h0-s1021.p1-iad.cdngp.net (66.114.52.209) | rrcs-24-106-197-131.se.biz.rr.com (24.106.197.131) | TCP/51069 | No connection | 34 | 4/6/2015 11:51:58 AM | 0.27 | |
| 18 | a23-62-6-74.deploy.static.akamaitechnologies.com (23.62.6.74) | rrcs-24-106-197-131.se.biz.rr.com (24.106.197.131) | TCP/44137 | No connection | 33 | 4/6/2015 12:43:50 PM | 0.26 | |
| 19 | bc16288.bendcable.com (216.228.162.88) | rrcs-24-106-197-131.se.biz.rr.com (24.106.197.131) | TCP/58349 | No connection | 33 | 4/6/2015 1:32:46 PM | 0.26 | |
| 20 | a23-62-6-80.deploy.static.akamaitechnologies.com (23.62.6.80) | rrcs-24-106-197-131.se.biz.rr.com (24.106.197.131) | TCP/57037 | No connection | 32 | 4/6/2015 7:59:37 AM | 0.25 | |
| 21 | a23-62-6-75.deploy.static.akamaitechnologies.com (23.62.6.75) | rrcs-24-106-197-131.se.biz.rr.com (24.106.197.131) | TCP/50434 | No connection | 32 | 4/6/2015 10:07:44 AM | 0.25 | |
| 22 | 108.161.189.92 | rrcs-24-106-197-131.se.biz.rr.com (24.106.197.131) | TCP/39796 | No connection | 32 | 4/6/2015 10:34:03 AM | 0.25 | |
| 23 | a23-62-6-80.deploy.static.akamaitechnologies.com (23.62.6.80) | rrcs-24-106-197-131.se.biz.rr.com (24.106.197.131) | TCP/52207 | No connection | 32 | 4/6/2015 10:51:35 AM | 0.25 | |
| 24 | 173.194.7.26 | rrcs-24-106-197-131.se.biz.rr.com (24.106.197.131) | TCP/55971 | No connection | 32 | 4/6/2015 11:37:52 AM | 0.25 | |
| 25 | a23-62-6-74.deploy.static.akamaitechnologies.com (23.62.6.74) | rrcs-24-106-197-131.se.biz.rr.com (24.106.197.131) | TCP/54111 | No connection | 32 | 4/6/2015 11:43:26 AM | 0.25 | |
| 26 | a23-0-160-82.deploy.static.akamaitechnologies.com (23.0.160.82) | rrcs-24-106-197-131.se.biz.rr.com (24.106.197.131) | TCP/57813 | No connection | 32 | 4/6/2015 2:43:46 PM | 0.25 | |
| 27 | bc16288.bendcable.com (216.228.162.88) | rrcs-24-106-197-131.se.biz.rr.com (24.106.197.131) | TCP/51243 | No connection | 32 | 4/6/2015 3:28:12 PM | 0.25 | |
| 28 | 192.135.176.21 | rrcs-24-106-197-131.se.biz.rr.com (24.106.197.131) | TCP/40399 | No connection | 32 | 4/6/2015 4:57:32 PM | 0.25 | |
| 29 | bc16288.bendcable.com (216.228.162.88) | rrcs-24-106-197-131.se.biz.rr.com (24.106.197.131) | TCP/56225 | No connection | 32 | 4/6/2015 5:27:24 PM | 0.25 | |
| 30 | a23-62-6-73.deploy.static.akamaitechnologies.com (23.62.6.73) | rrcs-24-106-197-131.se.biz.rr.com (24.106.197.131) | TCP/49724 | No connection | 31 | 4/6/2015 7:31:32 AM | 0.25 | |
| 31 | a23-62-6-75.deploy.static.akamaitechnologies.com (23.62.6.75) | rrcs-24-106-197-131.se.biz.rr.com (24.106.197.131) | TCP/50433 | No connection | 31 | 4/6/2015 10:07:44 AM | 0.25 | |
| 32 | a23-62-6-80.deploy.static.akamaitechnologies.com (23.62.6.80) | rrcs-24-106-197-131.se.biz.rr.com (24.106.197.131) | TCP/50798 | No connection | 31 | 4/6/2015 11:01:28 AM | 0.25 | |
| 33 | a23-62-6-80.deploy.static.akamaitechnologies.com (23.62.6.80) | rrcs-24-106-197-131.se.biz.rr.com (24.106.197.131) | TCP/50801 | No connection | 31 | 4/6/2015 11:01:28 AM | 0.25 | |
| 34 | 93.184.216.163 | rrcs-24-106-197-131.se.biz.rr.com (24.106.197.131) | TCP/49698 | No connection | 30 | 4/6/2015 10:43:15 AM | 0.24 | |
| 35 | a23-0-160-26.deploy.static.akamaitechnologies.com (23.0.160.26) | rrcs-24-106-197-131.se.biz.rr.com (24.106.197.131) | TCP/54388 | No connection | 30 | 4/6/2015 1:06:00 PM | 0.24 | |
| 36 | a23-0-160-43.deploy.static.akamaitechnologies.com (23.0.160.43) | rrcs-24-106-197-131.se.biz.rr.com (24.106.197.131) | TCP/52669 | No connection | 30 | 4/6/2015 3:09:25 PM | 0.24 | |
| 37 | 24.143.200.179 | rrcs-24-106-197-131.se.biz.rr.com (24.106.197.131) | TCP/37967 | No connection | 30 | 4/6/2015 4:28:22 PM | 0.24 | |
| 38 | a23-62-6-74.deploy.static.akamaitechnologies.com (23.62.6.74) | rrcs-24-106-197-131.se.biz.rr.com (24.106.197.131) | TCP/52022 | No connection | 29 | 4/6/2015 10:31:38 AM | 0.23 | |
| 39 | a23-62-6-73.deploy.static.akamaitechnologies.com (23.62.6.73) | rrcs-24-106-197-131.se.biz.rr.com (24.106.197.131) | TCP/49727 | No connection | 27 | 4/6/2015 7:31:33 AM | 0.21 | |
| 40 | a23-62-6-75.deploy.static.akamaitechnologies.com (23.62.6.75) | rrcs-24-106-197-131.se.biz.rr.com (24.106.197.131) | TCP/50435 | No connection | 27 | 4/6/2015 10:07:44 AM | 0.21 | |
| 41 | bc16288.bendcable.com (216.228.162.88) | rrcs-24-106-197-131.se.biz.rr.com (24.106.197.131) | TCP/50150 | No connection | 27 | 4/6/2015 3:46:52 PM | 0.21 | |
| 42 | 24.143.200.179 | rrcs-24-106-197-131.se.biz.rr.com (24.106.197.131) | TCP/35761 | No connection | 27 | 4/6/2015 4:28:21 PM | 0.21 | |
| 43 | 108.161.188.192 | rrcs-24-106-197-131.se.biz.rr.com (24.106.197.131) | TCP/45197 | No connection | 26 | 4/6/2015 9:56:07 AM | 0.21 | |
| 44 | mail4.listpilot.net (198.64.153.201) | rrcs-24-106-197-131.se.biz.rr.com (24.106.197.131) | TCP/33789 | No connection | 26 | 4/6/2015 10:25:34 AM | 0.21 | |
| 45 | 132.245.54.98 | rrcs-24-106-197-131.se.biz.rr.com (24.106.197.131) | TCP/53705 | No connection | 26 | 4/6/2015 12:42:03 PM | 0.21 | |
| 46 | vip0x008.map2.ssl.hwcdn.net (209.197.3.8) | rrcs-24-106-197-131.se.biz.rr.com (24.106.197.131) | TCP/55548 | No connection | 26 | 4/6/2015 4:25:11 PM | 0.21 | |
| 47 | a23-62-236-35.deploy.static.akamaitechnologies.com (23.62.236.35) | rrcs-24-106-197-131.se.biz.rr.com (24.106.197.131) | TCP/48599 | No connection | 26 | 4/6/2015 4:28:16 PM | 0.21 | |
| 48 | d3-5-0-5-0.a00.nycmny03.us.ra.verio.net (165.254.46.17) | rrcs-24-106-197-131.se.biz.rr.com (24.106.197.131) | TCP/51228 | No connection | 25 | 4/6/2015 4:49:41 PM | 0.20 | |
| 49 | a23-62-6-73.deploy.static.akamaitechnologies.com (23.62.6.73) | rrcs-24-106-197-131.se.biz.rr.com (24.106.197.131) | TCP/50104 | No connection | 24 | 4/6/2015 12:40:37 PM | 0.19 | |
| 50 | a23-62-6-74.deploy.static.akamaitechnologies.com (23.62.6.74) | rrcs-24-106-197-131.se.biz.rr.com (24.106.197.131) | TCP/54106 | No connection | 23 | 4/6/2015 11:43:26 AM | 0.18 | |

Top 50 denied protocols and reasons

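| No | Protocol | Reason | Denials | % | Comment |
| --- | --- | --- | --- | --- | --- |
| 1 | TCP/8080 - http proxy | No connection | 668 | 5.28 | |
| 2 | TCP/22 - ssh | No connection | 567 | 4.49 | |
| 3 | SSH | SSH session disconnected - Reset by client | 446 | 3.53 | |
| 4 | TCP/51933 | No connection | 60 | 0.47 | |
| 5 | TCP/53695 | No connection | 57 | 0.45 | |
| 6 | TCP/54386 | No connection | 56 | 0.44 | |
| 7 | TCP/54111 | No connection | 54 | 0.43 | |
| 8 | TCP/23 - telnet | Denied by ACL | 51 | 0.40 | |
| 9 | TCP/53407 | No connection | 51 | 0.40 | |
| 10 | TCP/54570 | No connection | 51 | 0.40 | |
| 11 | TCP/56984 | No connection | 47 | 0.37 | |
| 12 | SSH | SSH session disconnected - Unsupported protocol version | 42 | 0.33 | |
| 13 | TCP/54385 | No connection | 42 | 0.33 | |
| 14 | TCP/35912 | No connection | 41 | 0.32 | |
| 15 | TCP/41960 | No connection | 39 | 0.31 | |
| 16 | TCP/49949 | No connection | 39 | 0.31 | |
| 17 | TCP/52342 | No connection | 37 | 0.29 | |
| 18 | TCP/48149 | No connection | 37 | 0.29 | |
| 19 | TCP/49011 | No connection | 35 | 0.28 | |
| 20 | TCP/50434 | No connection | 34 | 0.27 | |
| 21 | TCP/51069 | No connection | 34 | 0.27 | |
| 22 | ICMP/3 - unreach | Denied ICMP | 33 | 0.26 | |
| 23 | TCP/49698 | No connection | 33 | 0.26 | |
| 24 | TCP/51243 | No connection | 33 | 0.26 | |
| 25 | TCP/44137 | No connection | 33 | 0.26 | |
| 26 | TCP/58349 | No connection | 33 | 0.26 | |
| 27 | TCP/56225 | No connection | 33 | 0.26 | |
| 28 | TCP/57037 | No connection | 32 | 0.25 | |
| 29 | TCP/50433 | No connection | 32 | 0.25 | |
| 30 | TCP/39796 | No connection | 32 | 0.25 | |
| 31 | TCP/50798 | No connection | 32 | 0.25 | |
| 32 | TCP/52207 | No connection | 32 | 0.25 | |
| 33 | TCP/55971 | No connection | 32 | 0.25 | |
| 34 | TCP/57813 | No connection | 32 | 0.25 | |
| 35 | TCP/40399 | No connection | 32 | 0.25 | |
| 36 | TCP/49724 | No connection | 31 | 0.25 | |
| 37 | TCP/50801 | No connection | 31 | 0.25 | |
| 38 | TCP/54388 | No connection | 30 | 0.24 | |
| 39 | TCP/52669 | No connection | 30 | 0.24 | |
| 40 | TCP/37967 | No connection | 30 | 0.24 | |
| 41 | TCP/50435 | No connection | 29 | 0.23 | |
| 42 | TCP/52022 | No connection | 29 | 0.23 | |
| 43 | TCP/50150 | No connection | 28 | 0.22 | |
| 44 | TCP/49727 | No connection | 27 | 0.21 | |
| 45 | TCP/55548 | No connection | 27 | 0.21 | |
| 46 | TCP/35761 | No connection | 27 | 0.21 | |
| 47 | TCP/51228 | No connection | 27 | 0.21 | |
| 48 | TCP/45197 | No connection | 26 | 0.21 | |
| 49 | TCP/33789 | No connection | 26 | 0.21 | |
| 50 | TCP/53705 | No connection | 26 | 0.21 | |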

Firewall: 10.12.0.1 - Interfaces: inside

Top 50 warning messages

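| No | Source | Destination | Protocol | Warning | Count | First warning | % | Comment |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 1 | 10.12.2.174 | 10.12.0.1 | HTTPS | Login permitted for mtyson | 29 | 4/6/2015 1:10:28 PM | 100.00 | |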

Firewall: 10.12.0.1 - Interfaces: inside

Top 50 warning messages

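| No | Source | Destination | Protocol | Warning | Count | First warning | % | Comment |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 1 | 10.12.2.173 | 10.12.0.1 | SSL | Device failed SSL handshake with client | 04 | 4/6/2015 1:09:29 PM | 100.00 | |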

Firewall: 10.12.0.1 - Interfaces: outside

Top 50 warning messages

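| No | Source | Destination | Protocol | Warning | Count | First warning | % | Comment |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 1 | 10.12.0.224 | 239.255.255.250 | UDP/1900 - univ. plug-and-play | Failed to locate egress interface | 44 | 4/6/2015 2:09:17 PM | 100.00 | 768 denials recorded on 4/6/2015 2:15:37 PM |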

Analysis details

Analysis start time: 4/26/2017 10:12:18 AM
Analysis duration: 13.65 minutes (819 seconds)
Analysis engine version: Cisco Pix/ASA parser version: 0.21; FireGen40Service.exe - FireGen scheduler service: 4.1.6.0
Filtering criteria: All entries
Excluded keywords: None

Glossary

!!!: Indicates that a high denials:connections ratio has been detected. The currently configured ratio is 3. The !!! marker means that the percentage of denials for that hour is more than 3 x the connections percentage. This indicates unusual denial activity that may need to be investigated. The ratio can be configured on the Report Formats interface.
Other messages: A list of messages not yet configured in the Firegen parser. Please send these messages to us (support@firegen.com) and we will add them in the next Firegen update. These messages are included in the list of message types, but they are not yet fully understood by the analyzer.