
Altair Technologies - Firegen report generated on 1/2/2018 10:42:27 AM

Info | Value
Analysis profile | Analysis profile Palo Alto
Analyzed log(s) | E:\Logs\Palo Alto\altfirewall01.eventid.net-2017-12-20.log (61.00 MB)
Firewall type | Palo Alto
Analysis interval | All entries in the specified log

Firewalls

No | Firewall | Connections | Traffic (MB) | Denials | Warnings | URLs | Info | IDS | ACL | Unknown
1 | altfirewall01.eventid.net | 121,546 | 2,994.67 | 31,174 | 00 | 00 | 00 | 00 | 00 | 00

Firewall: altfirewall01.eventid.net

Anomaly report

Based on the analysis of 0 historical records, this set of data appears to be within the normal values.

Please note that the anomaly prediction algorithm only describes the commonality of the current statistics when compared with the previous analysis results. There might be specific issues that are not part of the analysis and that can still indicate a potential problem.

Message types

No | Code | Message sample | Count
1 | SYSTEM,general | 0,2017/12/20 00:02:06,vsys1,general,,0,0,general,informational,"EDL(Abusers_404) No changes to list file",29977,0x0,0,0,0,0,,altfirewall01 | 497
2 | SYSTEM,globalprotect | 0,2017/12/20 08:57:29,,globalprotectportal-auth-succ,GP-Portal,0,0,general,informational,"GlobalProtect portal user authentication succeeded. Login from: 24.141.210.87, User name: agrigorof, Auth type: profile.",30152,0x0,0,0,0,0,,altfirewall01 | 02
3 | TRAFFIC,deny | 1,2017/12/20 03:18:48,5.39.218.17,67.213.65.59,5.39.218.17,192.168.5.55,Deny all Inbound,,,cotp,vsys1,untrust,trust,ethernet1/5,ethernet1/3,UBUNTU07,2017/12/20 03:18:48,13612,1,3826,80,3826,80,0x400000,tcp,reset-both,293,227,66,4,2017/12/20 03:18:48,0,any,0,14896180,0x0,NL,CA,0,3,1,policy-deny,0,0,0,0,,altfirewall01,from-application | 86
4 | TRAFFIC,drop | 1,2017/12/19 23:57:26,139.59.94.91,67.213.65.60,0.0.0.0,0.0.0.0,Deny all Inbound,,,not-applicable,vsys1,untrust,trust,ethernet1/5,,UBUNTU07,2017/12/19 23:57:26,0,1,11872,5900,0,0,0x0,tcp,deny,62,62,0,1,2017/12/19 23:57:26,0,any,0,14875093,0x0,IN,CA,0,1,0,policy-deny,0,0,0,0,,altfirewall01,from-policy | 31,088
5 | TRAFFIC,end | 1,2017/12/19 23:57:24,203.166.24.133,67.213.65.60,203.166.24.133,192.168.5.56,Web inbound,,,web-browsing,vsys1,untrust,trust,ethernet1/5,ethernet1/3,UBUNTU07,2017/12/19 23:57:24,248088,1,13871,80,13871,80,0x40001b,tcp,allow,30198,2220,27978,34,2017/12/19 23:55:09,121,any,0,14875089,0x0,AU,CA,0,13,21,tcp-rst-from-server,0,0,0,0,,altfirewall01,from-policy | 121,546

altfirewall01.eventid.net - Traffic and denials per hour









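Hour | Traffic (MB) | % | Connections | % | Denials | %
00-01 | 86.00 | 2.88 | 5,617 | 3.68 | 1,069 | 3.43
01-02 | 101.00 | 3.39 | 6,711 | 4.39 | 1,029 | 3.30
02-03 | 120.00 | 4.03 | 6,513 | 4.26 | 1,048 | 3.36
03-04 | 123.00 | 4.14 | 6,196 | 4.06 | 1,270 | 4.07
04-05 | 148.00 | 4.97 | 7,962 | 5.21 | 2,258 | 7.24
05-06 | 147.00 | 4.93 | 6,308 | 4.13 | 1,215 | 3.90
06-07 | 122.00 | 4.10 | 6,702 | 4.39 | 1,372 | 4.40
07-08 | 156.00 | 5.24 | 6,847 | 4.48 | 1,171 | 3.76
08-09 | 130.00 | 4.36 | 6,026 | 3.95 | 1,116 | 3.58
09-10 | 183.00 | 6.12 | 7,731 | 5.06 | 835 | 2.68
10-11 | 146.00 | 4.91 | 6,567 | 4.30 | 880 | 2.82
11-12 | 137.00 | 4.60 | 5,953 | 3.90 | 884 | 2.84
12-13 | 109.00 | 3.65 | 5,094 | 3.34 | 786 | 2.52
13-14 | 112.00 | 3.75 | 5,697 | 3.73 | 780 | 2.50
14-15 | 110.00 | 3.69 | 5,642 | 3.69 | 806 | 2.59
15-16 | 106.00 | 3.55 | 5,134 | 3.36 | 745 | 2.39
16-17 | 364.00 | 12.18 | 19,371 | 12.68 | 8,040 | 25.79
17-18 | 83.00 | 2.77 | 4,021 | 2.63 | 736 | 2.36
18-19 | 106.00 | 3.56 | 4,356 | 2.85 | 716 | 2.30
19-20 | 75.00 | 2.53 | 4,792 | 3.14 | 699 | 2.24
20-21 | 73.00 | 2.47 | 4,414 | 2.89 | 909 | 2.92
21-22 | 84.00 | 2.81 | 4,801 | 3.14 | 822 | 2.64
22-23 | 76.00 | 2.55 | 5,406 | 3.54 | 868 | 2.78
23-24 | 84.00 | 2.84 | 4,859 | 3.18 | 1,120 | 3.59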

altfirewall01.eventid.net - Interfaces

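No | Interfaces | Connections | MB | % | Denials | Warnings | ACLs | IDS
1 | Outbound | 24,302 | 87.37 | 02.92 | 00 | 00 | 00 | 00
2 | ethernet1/3 to tunnel.1 | 01 | 00.00 | 00.00 | 00 | 00 | 00 | 00
3 | Inbound | 97,163 | 2,865.21 | 95.68 | 86 | 00 | 00 | 00
4 | VPN | 80 | 42.08 | 01.41 | 00 | 00 | 00 | 00
5 | ethernet1/5 to | 00 | 00.00 | 00.00 | 27,664 | 00 | 00 | 00
6 | tunnel.1 to | 00 | 00.00 | 00.00 | 3,424 | 00 | 00 | 00
 | Total | 121,546 | 2,994.67 | | 31,174 | 00 | 00 | 00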

Firewall: altfirewall01.eventid.net - Interfaces: Outbound

Sources (2 unique)

No | Source | Bytes | % | Comment
1 | eventmaster5.altairdemo.local (192.168.5.55) | 91,605,716 | 99.99 | 21 denials recorded on 5/28/2017 9:52:05 PM
2 | 192.168.5.56 | 9,968 | 0.01 |



Top 50 destinations out of 180 unique destinations

NoDestinationBytes%Comment
1ord37s07-in-f4.1e100.net (172.217.1.36)69,017,92275.33 
2google-public-dns-a.google.com (8.8.8.8)4,989,7225.45 
3google-public-dns-b.google.com (8.8.4.4)3,504,0663.82 
4lga15s46-in-f4.1e100.net (172.217.4.36)3,358,4563.67 
5zeus.lunarpages.com (64.50.185.36)856,1920.93 
6ord37s07-in-f14.1e100.net (172.217.1.46)851,9420.93 
7lb-192-30-253-117-iad.github.com (192.30.253.117)733,0000.80 
8lb-192-30-253-116-iad.github.com (192.30.253.116)674,3600.74 
9yyz10s04-in-f4.1e100.net (172.217.1.164)661,7310.72 
1052.179.13.227615,1680.67 
11162.125.6.1512,2710.56 
12edge-star-shv-01-ort2.facebook.com (157.240.2.20)422,9510.46 
1323.103.189.158271,2400.30 
1474.125.124.104254,3460.28 
15104.244.42.130242,2080.26 
16ord38s08-in-f10.1e100.net (172.217.9.42)196,3400.21 
17ord37s07-in-f13.1e100.net (172.217.1.45)195,3020.21 
18a23-50-230-89.deploy.static.akamaitechnologies.com (23.50.230.89)167,5630.18 
19ord36s04-in-f106.1e100.net (172.217.4.106)162,7130.18 
20ord37s18-in-f10.1e100.net (172.217.4.74)157,0240.17 
21104.244.42.194143,8480.16 
22ord38s01-in-f10.1e100.net (172.217.6.10)141,5300.15 
23ord37s08-in-f10.1e100.net (172.217.8.170)137,4560.15 
24104.244.42.2137,4150.15 
25ord37s03-in-f106.1e100.net (172.217.6.106)137,3960.15 
26ord37s09-in-f10.1e100.net (172.217.8.202)132,6570.14 
27edge-star-shv-01-yyz1.facebook.com (31.13.80.8)128,8920.14 
28ord30s31-in-f10.1e100.net (172.217.4.234)125,5970.14 
29lga15s46-in-f42.1e100.net (172.217.4.42)117,7680.13 
30ord38s04-in-f10.1e100.net (172.217.0.10)117,7680.13 
31104.244.42.66104,7880.11 
32ord37s07-in-f42.1e100.net (172.217.1.42)104,2500.11 
33162.125.7.1100,7700.11 
34ord30s26-in-f234.1e100.net (216.58.192.234)99,7750.11 
35ord38s09-in-f10.1e100.net (172.217.9.74)98,1400.11 
36ord36s02-in-f170.1e100.net (216.58.192.170)93,2100.10 
37ord30s25-in-f10.1e100.net (216.58.192.202)90,1080.10 
38dcl7-dfw.login-dfw.salesforce.com (136.147.59.44)86,9440.09 
39ord31s22-in-f10.1e100.net (216.58.216.234)79,3590.09 
40199.167.52.20177,5280.08 
41dcl4-phx.login-phx.salesforce.com (136.147.41.172)66,8800.07 
42dcl6-dfw.login-dfw.salesforce.com (136.147.58.172)53,5640.06 
43dcl8-phx.login-phx.salesforce.com (136.147.43.172)53,5040.06 
44dcl3-dfw.login-dfw.salesforce.com (136.147.57.44)46,8160.05 
45ord37s07-in-f35.1e100.net (172.217.1.35)43,8530.05 
46dcl6-phx.login-phx.salesforce.com (136.147.42.172)40,1280.04 
47dcl3-phx.login-phx.salesforce.com (136.147.41.44)40,1280.04 
4862.146.25.2039,3580.04 
49ord31s21-in-f10.1e100.net (216.58.216.202)39,2560.04 
50ord36s01-in-f10.1e100.net (216.58.192.138)39,2560.04 




Top 50 sources, protocols and bytes

NoSourceProtocolConnectionsBytes%Comment
1eventmaster5.altairdemo.local (192.168.5.55)GOOGLE-BASE1,87476,321,02183.3121 denials recorded on 5/28/2017 9:52:05 PM
2eventmaster5.altairdemo.local (192.168.5.55)PING5,7624,263,2884.65 
3eventmaster5.altairdemo.local (192.168.5.55)DNS15,7304,228,7704.62 
4eventmaster5.altairdemo.local (192.168.5.55)SSL2022,330,6072.54 
5eventmaster5.altairdemo.local (192.168.5.55)SMTP10885,5970.97 
6eventmaster5.altairdemo.local (192.168.5.55)DROPBOX-BASE96692,3900.76 
7eventmaster5.altairdemo.local (192.168.5.55)SALESFORCE-BASE96642,1680.70 
8eventmaster5.altairdemo.local (192.168.5.55)TWITTER-BASE96628,2590.69 
9eventmaster5.altairdemo.local (192.168.5.55)FACEBOOK-BASE96588,4130.64 
10eventmaster5.altairdemo.local (192.168.5.55)OUTLOOK-WEB-ONLINE96526,4690.57 
11eventmaster5.altairdemo.local (192.168.5.55)MS-UPDATE04289,3970.32 
12eventmaster5.altairdemo.local (192.168.5.55)GOOGLE-DRIVE-WEB19146,0760.16 
13eventmaster5.altairdemo.local (192.168.5.55)TCP/443 - ssl-https2941,6990.05 
14eventmaster5.altairdemo.local (192.168.5.55)WEB-BROWSING068,3300.01 
15eventmaster5.altairdemo.local (192.168.5.55)NETBIOS-NS276,1640.01 
16eventmaster5.altairdemo.local (192.168.5.55)OCSP013,3410.00 
17192.168.5.56TCP/52831011,5740.00 
18192.168.5.56TCP/62203011,3740.00 
19eventmaster5.altairdemo.local (192.168.5.55)TCP/135 - ms rpc121,1640.00 
20eventmaster5.altairdemo.local (192.168.5.55)TCP/139 - netbios087760.00 
21eventmaster5.altairdemo.local (192.168.5.55)SNMP-BASE097110.00 
22eventmaster5.altairdemo.local (192.168.5.55)TCP/445 - netbios065820.00 
23eventmaster5.altairdemo.local (192.168.5.55)TCP/25 - smtp021940.00 
24192.168.5.56TCP/45242011200.00 
25192.168.5.56TCP/45243011200.00 
26192.168.5.56TCP/5900 - vnc021200.00 
27192.168.5.56TCP/16369011200.00 
28192.168.5.56TCP/164021200.00 
29eventmaster5.altairdemo.local (192.168.5.55)TCP/164021200.00 
30192.168.5.56TCP/3756001600.00 
31eventmaster5.altairdemo.local (192.168.5.55)TCP/5345501600.00 
32192.168.5.56TCP/2049 - nfs01600.00 
33192.168.5.56TCP/5800 - vnc01600.00 
34192.168.5.56TCP/3389 - ms rdp01600.00 
35192.168.5.56TCP/6500401600.00 
36192.168.5.56TCP/6140301600.00 
37192.168.5.56TCP/2523901600.00 
38192.168.5.56TCP/6006801600.00 
39192.168.5.56TCP/6079801600.00 
40192.168.5.56TCP/6293701600.00 
41192.168.5.56TCP/5285101600.00 
42192.168.5.56TCP/3726001600.00 
43192.168.5.56TCP/3795701600.00 
44192.168.5.56TCP/3966301600.00 
45192.168.5.56TCP/4523901600.00 
46192.168.5.56TCP/1073401600.00 
47192.168.5.56TCP/4296101600.00 
48192.168.5.56TCP/6030001600.00 
49192.168.5.56TCP/543201600.00 
50192.168.5.56TCP/5926401600.00 

Top 50 sources, destinations, protocols and bytes

NoSourceDestinationProtocolConnectionsBytes%Comment
1eventmaster5.altairdemo.local (192.168.5.55)ord37s07-in-f4.1e100.net (172.217.1.36)GOOGLE-BASE1,35769,016,80775.3321 denials recorded on 5/28/2017 9:52:05 PM
2eventmaster5.altairdemo.local (192.168.5.55)lga15s46-in-f4.1e100.net (172.217.4.36)GOOGLE-BASE663,358,4563.67 
3eventmaster5.altairdemo.local (192.168.5.55)google-public-dns-a.google.com (8.8.8.8)DNS11,7592,857,2133.12 
4eventmaster5.altairdemo.local (192.168.5.55)google-public-dns-a.google.com (8.8.8.8)PING2,8802,131,4962.33 
5eventmaster5.altairdemo.local (192.168.5.55)google-public-dns-b.google.com (8.8.4.4)PING2,8812,131,4962.33 
6eventmaster5.altairdemo.local (192.168.5.55)google-public-dns-b.google.com (8.8.4.4)DNS3,9711,371,5571.50 
7eventmaster5.altairdemo.local (192.168.5.55)zeus.lunarpages.com (64.50.185.36)SMTP05856,1920.93 
8eventmaster5.altairdemo.local (192.168.5.55)lb-192-30-253-117-iad.github.com (192.30.253.117)SSL50733,0000.80 
9eventmaster5.altairdemo.local (192.168.5.55)ord37s07-in-f14.1e100.net (172.217.1.46)GOOGLE-BASE97729,1530.80 
10eventmaster5.altairdemo.local (192.168.5.55)lb-192-30-253-116-iad.github.com (192.30.253.116)SSL46674,3600.74 
11eventmaster5.altairdemo.local (192.168.5.55)yyz10s04-in-f4.1e100.net (172.217.1.164)GOOGLE-BASE13661,7310.72 
12eventmaster5.altairdemo.local (192.168.5.55)52.179.13.227SSL96615,1680.67 
13eventmaster5.altairdemo.local (192.168.5.55)162.125.6.1DROPBOX-BASE71512,2710.56 
14eventmaster5.altairdemo.local (192.168.5.55)edge-star-shv-01-ort2.facebook.com (157.240.2.20)FACEBOOK-BASE69422,9510.46 
15eventmaster5.altairdemo.local (192.168.5.55)23.103.189.158MS-UPDATE01271,2400.30 
16eventmaster5.altairdemo.local (192.168.5.55)74.125.124.104GOOGLE-BASE05254,3460.28 
17eventmaster5.altairdemo.local (192.168.5.55)104.244.42.130TWITTER-BASE37242,2080.26 
18eventmaster5.altairdemo.local (192.168.5.55)ord38s08-in-f10.1e100.net (172.217.9.42)GOOGLE-BASE30196,3400.21 
19eventmaster5.altairdemo.local (192.168.5.55)ord37s07-in-f13.1e100.net (172.217.1.45)GOOGLE-BASE26185,6180.20 
20eventmaster5.altairdemo.local (192.168.5.55)a23-50-230-89.deploy.static.akamaitechnologies.com (23.50.230.89)SSL01167,5630.18 
21eventmaster5.altairdemo.local (192.168.5.55)ord37s18-in-f10.1e100.net (172.217.4.74)GOOGLE-BASE24157,0240.17 
22eventmaster5.altairdemo.local (192.168.5.55)ord36s04-in-f106.1e100.net (172.217.4.106)GOOGLE-BASE20154,5310.17 
23eventmaster5.altairdemo.local (192.168.5.55)104.244.42.194TWITTER-BASE22143,8480.16 
24eventmaster5.altairdemo.local (192.168.5.55)ord37s08-in-f10.1e100.net (172.217.8.170)GOOGLE-BASE21137,4560.15 
25eventmaster5.altairdemo.local (192.168.5.55)104.244.42.2TWITTER-BASE21137,4150.15 
26eventmaster5.altairdemo.local (192.168.5.55)ord37s03-in-f106.1e100.net (172.217.6.106)GOOGLE-BASE21137,3960.15 
27eventmaster5.altairdemo.local (192.168.5.55)ord38s01-in-f10.1e100.net (172.217.6.10)GOOGLE-BASE18134,2550.15 
28eventmaster5.altairdemo.local (192.168.5.55)ord37s09-in-f10.1e100.net (172.217.8.202)GOOGLE-BASE19130,1920.14 
29eventmaster5.altairdemo.local (192.168.5.55)edge-star-shv-01-yyz1.facebook.com (31.13.80.8)FACEBOOK-BASE21128,8920.14 
30eventmaster5.altairdemo.local (192.168.5.55)ord37s07-in-f14.1e100.net (172.217.1.46)GOOGLE-DRIVE-WEB16122,7890.13 
31eventmaster5.altairdemo.local (192.168.5.55)ord30s31-in-f10.1e100.net (172.217.4.234)GOOGLE-BASE17120,7870.13 
32eventmaster5.altairdemo.local (192.168.5.55)lga15s46-in-f42.1e100.net (172.217.4.42)GOOGLE-BASE18117,7680.13 
33eventmaster5.altairdemo.local (192.168.5.55)ord38s04-in-f10.1e100.net (172.217.0.10)GOOGLE-BASE18117,7680.13 
34eventmaster5.altairdemo.local (192.168.5.55)104.244.42.66TWITTER-BASE16104,7880.11 
35eventmaster5.altairdemo.local (192.168.5.55)ord37s07-in-f42.1e100.net (172.217.1.42)GOOGLE-BASE14100,9380.11 
36eventmaster5.altairdemo.local (192.168.5.55)162.125.7.1DROPBOX-BASE14100,7700.11 
37eventmaster5.altairdemo.local (192.168.5.55)ord38s09-in-f10.1e100.net (172.217.9.74)GOOGLE-BASE1598,1400.11 
38eventmaster5.altairdemo.local (192.168.5.55)ord30s26-in-f234.1e100.net (216.58.192.234)GOOGLE-BASE1597,3100.11 
39eventmaster5.altairdemo.local (192.168.5.55)ord36s02-in-f170.1e100.net (216.58.192.170)GOOGLE-BASE1390,7450.10 
40eventmaster5.altairdemo.local (192.168.5.55)ord30s25-in-f10.1e100.net (216.58.192.202)GOOGLE-BASE1390,1080.10 
41eventmaster5.altairdemo.local (192.168.5.55)dcl7-dfw.login-dfw.salesforce.com (136.147.59.44)SALESFORCE-BASE1386,9440.09 
42eventmaster5.altairdemo.local (192.168.5.55)ord31s22-in-f10.1e100.net (216.58.216.234)GOOGLE-BASE1278,5120.09 
43eventmaster5.altairdemo.local (192.168.5.55)199.167.52.201SSL0277,5280.08 
44eventmaster5.altairdemo.local (192.168.5.55)dcl4-phx.login-phx.salesforce.com (136.147.41.172)SALESFORCE-BASE1066,8800.07 
45eventmaster5.altairdemo.local (192.168.5.55)dcl6-dfw.login-dfw.salesforce.com (136.147.58.172)SALESFORCE-BASE0853,5640.06 
46eventmaster5.altairdemo.local (192.168.5.55)dcl8-phx.login-phx.salesforce.com (136.147.43.172)SALESFORCE-BASE0853,5040.06 
47eventmaster5.altairdemo.local (192.168.5.55)dcl3-dfw.login-dfw.salesforce.com (136.147.57.44)SALESFORCE-BASE0746,8160.05 
48eventmaster5.altairdemo.local (192.168.5.55)ord37s07-in-f35.1e100.net (172.217.1.35)GOOGLE-BASE0543,8530.05 
49eventmaster5.altairdemo.local (192.168.5.55)dcl6-phx.login-phx.salesforce.com (136.147.42.172)SALESFORCE-BASE0640,1280.04 
50eventmaster5.altairdemo.local (192.168.5.55)dcl3-phx.login-phx.salesforce.com (136.147.41.44)SALESFORCE-BASE0640,1280.04 

Top 50 protocols

NoProtocolConnectionsBytes%Comment
1GOOGLE-BASE1,87476,321,02183.31 
2PING5,7624,263,2884.65 
3DNS15,7304,228,7704.62 
4SSL2022,330,6072.54 
5SMTP10885,5970.97 
6DROPBOX-BASE96692,3900.76 
7SALESFORCE-BASE96642,1680.70 
8TWITTER-BASE96628,2590.69 
9FACEBOOK-BASE96588,4130.64 
10OUTLOOK-WEB-ONLINE96526,4690.57 
11MS-UPDATE04289,3970.32 
12GOOGLE-DRIVE-WEB19146,0760.16 
13TCP/443 - ssl-https2941,6990.05 
14WEB-BROWSING068,3300.01 
15NETBIOS-NS276,1640.01 
16OCSP013,3410.00 
17TCP/52831011,5740.00 
18TCP/62203011,3740.00 
19TCP/135 - ms rpc121,1640.00 
20TCP/139 - netbios087760.00 
21SNMP-BASE097110.00 
22TCP/445 - netbios065820.00 
23TCP/164042400.00 
24TCP/25 - smtp021940.00 
25TCP/45242011200.00 
26TCP/45243011200.00 
27TCP/5900 - vnc021200.00 
28TCP/16369011200.00 
29TCP/59581021200.00 
30TCP/3756001600.00 
31TCP/5345501600.00 
32TCP/2049 - nfs01600.00 
33TCP/5800 - vnc01600.00 
34TCP/3389 - ms rdp01600.00 
35TCP/6500401600.00 
36TCP/6140301600.00 
37TCP/2523901600.00 
38TCP/6006801600.00 
39TCP/6079801600.00 
40TCP/6293701600.00 
41TCP/5285101600.00 
42TCP/3726001600.00 
43TCP/3795701600.00 
44TCP/3966301600.00 
45TCP/4523901600.00 
46TCP/1073401600.00 
47TCP/4296101600.00 
48TCP/6030001600.00 
49TCP/543201600.00 
50TCP/5926401600.00 



Top 50 protocol TCP/25 - smtp: Sources, destinations, and traffic - Unique sources: 1, unique destinations: 1

No | Source | Destination | Connections | Bytes | Comment
1 | eventmaster5.altairdemo.local (192.168.5.55) | rubidium.mailguard.com.au (103.248.191.194) | 02 | 194 | 21 denials recorded on 5/28/2017 9:52:05 PM

Top 50 protocol TCP/3389 - ms rdp: Sources, destinations, and traffic - Unique sources: 1, unique destinations: 1

No | Source | Destination | Connections | Bytes | Comment
1 | 192.168.5.56 | msnbot-207-46-13-134.search.msn.com (207.46.13.134) | 01 | 60 |

Firewall: altfirewall01.eventid.net - Interfaces: ethernet1/3 to tunnel.1

Sources (1 unique)

No | Source | Bytes | % | Comment
1 | eventmaster5.altairdemo.local (192.168.5.55) | 660 | 100.00 | 21 denials recorded on 5/28/2017 9:52:05 PM

Destinations (1 unique)

No | Destination | Bytes | % | Comment
1 | 10.10.5.102 | 660 | 100.00 |

Top 50 sources, protocols and bytes

No | Source | Protocol | Connections | Bytes | % | Comment
1 | eventmaster5.altairdemo.local (192.168.5.55) | TCP/19514 | 01 | 660 | 100.00 | 21 denials recorded on 5/28/2017 9:52:05 PM

Top 50 sources, destinations, protocols and bytes

No | Source | Destination | Protocol | Connections | Bytes | % | Comment
1 | eventmaster5.altairdemo.local (192.168.5.55) | 10.10.5.102 | TCP/19514 | 01 | 660 | 100.00 | 21 denials recorded on 5/28/2017 9:52:05 PM

Top 50 protocols

No | Protocol | Connections | Bytes | % | Comment
1 | TCP/19514 | 01 | 660 | 100.00 |

Firewall: altfirewall01.eventid.net - Interfaces: Inbound

Top 50 sources out of 8191 unique sources

NoSourceBytes%Comment
1sn191.s02.sjc01.qualys.com (64.39.103.191)239,060,1747.96 
2msnbot-207-46-13-134.search.msn.com (207.46.13.134)95,325,9303.17 
3msnbot-207-46-13-71.search.msn.com (207.46.13.71)93,489,6293.11 
4msnbot-157-55-39-204.search.msn.com (157.55.39.204)73,963,6132.46 
5sogouspider-106-120-173-138.crawl.sogou.com (106.120.173.138)34,533,8241.15 
6msnbot-157-55-39-202.search.msn.com (157.55.39.202)32,987,1341.10 
7216.244.66.25028,972,7180.96 
8d24-141-210-87.home.cgocable.net (24.141.210.87)25,337,9880.84 
9sn061.s02.sjc01.qualys.com (64.39.103.61)23,781,5830.79 
10public-gprs411643.centertel.pl (37.47.239.60)19,814,7370.66 
11113.220.29.8917,760,4480.59 
12msnbot-40-77-167-12.search.msn.com (40.77.167.12)15,368,2620.51 
13198.211.214.17815,120,5960.50 
1447.247.43.19114,724,0830.49 
15msnbot-40-77-167-51.search.msn.com (40.77.167.51)13,923,4390.46 
16185.26.92.7412,139,7500.40 
17216.244.66.24111,891,4510.40 
185-255-250-167.spider.yandex.com (5.255.250.167)11,203,9510.37 
1965.208.151.11510,686,1370.36 
20100-43-85-118.spider.yandex.com (100.43.85.118)9,674,5220.32 
2193-158-161-24.spider.yandex.com (93.158.161.24)8,949,5260.30 
22100-43-85-188.spider.yandex.com (100.43.85.188)8,756,6290.29 
2392.red-88-25-82.staticip.rima-tde.net (88.25.82.92)8,042,1410.27 
2465.151.188.337,385,2710.25 
25ec2-34-252-155-34.eu-west-1.compute.amazonaws.com (34.252.155.34)6,565,9500.22 
26msnbot-207-46-13-75.search.msn.com (207.46.13.75)6,289,2930.21 
27rate-limited-proxy-66-249-91-62.google.com (66.249.91.62)6,106,3130.20 
28crawl-66-249-69-94.googlebot.com (66.249.69.94)6,043,4210.20 
2972.c5.33.static.xlhost.com (209.51.197.114)5,006,0620.17 
30rate-limited-proxy-66-249-91-32.google.com (66.249.91.32)4,723,3590.16 
31mail0.ess.barracuda.com (64.235.153.7)4,529,0310.15 
32b110322.yse.yahoo.net (68.180.230.188)4,418,4610.15 
33mail14.ess.barracuda.com (64.235.154.141)4,212,3850.14 
34google-proxy-66-249-93-33.google.com (66.249.93.33)4,210,1650.14 
35crawl-66-249-69-66.googlebot.com (66.249.69.66)3,817,4160.13 
3665.249.195.753,774,8140.13 
37mail20.ess.barracuda.com (209.222.83.71)3,603,6330.12 
38mail14.ess.barracuda.com (64.235.154.106)3,396,3460.11 
39business-24-134-62-113.pool2.vodafone-ip.de (24.134.62.113)3,316,3460.11 
40crawl-66-249-64-94.googlebot.com (66.249.64.94)3,081,7750.10 
41mail0.ess.barracuda.com (64.235.153.8)3,045,4740.10 
42rate-limited-proxy-66-249-89-158.google.com (66.249.89.158)2,984,0450.10 
4364.39.103.2472,875,8990.10 
44msnbot-157-55-39-253.search.msn.com (157.55.39.253)2,847,1650.09 
45mail14.ess.barracuda.com (64.235.154.104)2,808,4840.09 
46rate-limited-proxy-66-249-91-35.google.com (66.249.91.35)2,773,9470.09 
47google-proxy-66-102-6-97.google.com (66.102.6.97)2,685,7530.09 
48mx5.it-crowd.ru (195.208.166.202)2,647,0050.09 
49s01061cabc0aaddb3.cg.shawcable.net (24.64.148.48)2,619,5010.09 
50223.227.57.762,572,6530.09 



Destinations (2 unique)

No | Destination | Bytes | % | Comment
1 | 67.213.65.60 | 2,934,745,483 | 97.68 |
2 | 67.213.65.59 | 69,647,294 | 2.32 |




Top 50 sources, protocols and bytes

NoSourceProtocolConnectionsBytes%Comment
1sn191.s02.sjc01.qualys.com (64.39.103.191)WEB-BROWSING137238,204,3717.93 
2msnbot-207-46-13-134.search.msn.com (207.46.13.134)WEB-CRAWLER4,14588,851,3152.96 
3msnbot-207-46-13-71.search.msn.com (207.46.13.71)WEB-CRAWLER4,05786,627,0172.88 
4msnbot-157-55-39-204.search.msn.com (157.55.39.204)WEB-CRAWLER4,10068,319,2832.27 
5sogouspider-106-120-173-138.crawl.sogou.com (106.120.173.138)WEB-BROWSING1,65032,915,6031.10 
6msnbot-157-55-39-202.search.msn.com (157.55.39.202)WEB-CRAWLER1,10030,399,1741.01 
7216.244.66.250WEB-BROWSING1,54428,970,1480.96 
8d24-141-210-87.home.cgocable.net (24.141.210.87)WEB-BROWSING1,44025,318,3320.84 
9public-gprs411643.centertel.pl (37.47.239.60)WEB-BROWSING0819,814,4250.66 
10113.220.29.89WEB-BROWSING0117,760,4480.59 
11sn061.s02.sjc01.qualys.com (64.39.103.61)SSL6,07616,195,1920.54 
12198.211.214.178WEB-BROWSING0715,119,3480.50 
1347.247.43.191WEB-BROWSING0314,724,0830.49 
14msnbot-40-77-167-12.search.msn.com (40.77.167.12)WEB-CRAWLER66714,508,1980.48 
15msnbot-40-77-167-51.search.msn.com (40.77.167.51)WEB-CRAWLER62812,986,4960.43 
16216.244.66.241WEB-BROWSING77311,890,5810.40 
17185.26.92.74WEB-BROWSING5811,630,0910.39 
185-255-250-167.spider.yandex.com (5.255.250.167)WEB-CRAWLER0811,203,9510.37 
1965.208.151.115WEB-BROWSING0110,686,1370.36 
20100-43-85-118.spider.yandex.com (100.43.85.118)WEB-CRAWLER3929,581,0270.32 
2193-158-161-24.spider.yandex.com (93.158.161.24)WEB-CRAWLER3688,916,2280.30 
22100-43-85-188.spider.yandex.com (100.43.85.188)WEB-CRAWLER3768,721,7710.29 
2392.red-88-25-82.staticip.rima-tde.net (88.25.82.92)WEB-BROWSING018,042,1410.27 
24sn061.s02.sjc01.qualys.com (64.39.103.61)WEB-BROWSING5467,388,4020.25 
2565.151.188.33WEB-BROWSING3,3377,385,2710.25 
26msnbot-207-46-13-71.search.msn.com (207.46.13.71)SSL2516,728,2350.22 
27ec2-34-252-155-34.eu-west-1.compute.amazonaws.com (34.252.155.34)WEB-BROWSING146,565,9500.22 
28msnbot-207-46-13-134.search.msn.com (207.46.13.134)SSL2576,455,1810.21 
29rate-limited-proxy-66-249-91-62.google.com (66.249.91.62)WEB-CRAWLER1486,106,3130.20 
30crawl-66-249-69-94.googlebot.com (66.249.69.94)WEB-CRAWLER1546,043,4210.20 
31msnbot-207-46-13-75.search.msn.com (207.46.13.75)WEB-CRAWLER3495,998,0420.20 
32msnbot-157-55-39-204.search.msn.com (157.55.39.204)SSL2865,611,6270.19 
3372.c5.33.static.xlhost.com (209.51.197.114)WEB-BROWSING765,004,9380.17 
34rate-limited-proxy-66-249-91-32.google.com (66.249.91.32)WEB-CRAWLER1294,723,3590.16 
35mail0.ess.barracuda.com (64.235.153.7)WEB-BROWSING2684,529,0310.15 
36b110322.yse.yahoo.net (68.180.230.188)WEB-CRAWLER3534,395,5780.15 
37mail14.ess.barracuda.com (64.235.154.141)WEB-BROWSING2474,212,3850.14 
38google-proxy-66-249-93-33.google.com (66.249.93.33)WEB-BROWSING244,210,1650.14 
39crawl-66-249-69-66.googlebot.com (66.249.69.66)WEB-CRAWLER1203,817,4160.13 
4065.249.195.75WEB-BROWSING603,757,0300.13 
41mail20.ess.barracuda.com (209.222.83.71)WEB-BROWSING2093,603,6330.12 
42mail14.ess.barracuda.com (64.235.154.106)WEB-BROWSING1993,396,3460.11 
43business-24-134-62-113.pool2.vodafone-ip.de (24.134.62.113)WEB-BROWSING213,313,2260.11 
44crawl-66-249-64-94.googlebot.com (66.249.64.94)WEB-CRAWLER963,081,7750.10 
45mail0.ess.barracuda.com (64.235.153.8)WEB-BROWSING1803,045,4740.10 
46rate-limited-proxy-66-249-89-158.google.com (66.249.89.158)WEB-CRAWLER652,984,0450.10 
4764.39.103.247WEB-BROWSING182,875,8990.10 
48msnbot-157-55-39-253.search.msn.com (157.55.39.253)WEB-CRAWLER212,838,6290.09 
49mail14.ess.barracuda.com (64.235.154.104)WEB-BROWSING1662,808,4840.09 
50rate-limited-proxy-66-249-91-35.google.com (66.249.91.35)WEB-CRAWLER872,773,9470.09 

Top 50 sources, destinations, protocols and bytes

NoSourceDestinationProtocolConnectionsBytes%Comment
1sn191.s02.sjc01.qualys.com (64.39.103.191)67.213.65.60WEB-BROWSING137238,204,3717.93 
2msnbot-207-46-13-134.search.msn.com (207.46.13.134)67.213.65.60WEB-CRAWLER4,14588,851,3152.96 
3msnbot-207-46-13-71.search.msn.com (207.46.13.71)67.213.65.60WEB-CRAWLER4,05786,627,0172.88 
4msnbot-157-55-39-204.search.msn.com (157.55.39.204)67.213.65.60WEB-CRAWLER4,10068,319,2832.27 
5sogouspider-106-120-173-138.crawl.sogou.com (106.120.173.138)67.213.65.60WEB-BROWSING1,65032,915,6031.10 
6msnbot-157-55-39-202.search.msn.com (157.55.39.202)67.213.65.60WEB-CRAWLER1,10030,399,1741.01 
7216.244.66.25067.213.65.60WEB-BROWSING1,54428,970,1480.96 
8d24-141-210-87.home.cgocable.net (24.141.210.87)67.213.65.60WEB-BROWSING1,44025,318,3320.84 
9public-gprs411643.centertel.pl (37.47.239.60)67.213.65.60WEB-BROWSING0819,814,4250.66 
10113.220.29.8967.213.65.60WEB-BROWSING0117,760,4480.59 
11sn061.s02.sjc01.qualys.com (64.39.103.61)67.213.65.60SSL6,07616,195,1920.54 
12198.211.214.17867.213.65.59WEB-BROWSING0715,119,3480.50 
1347.247.43.19167.213.65.59WEB-BROWSING0314,724,0830.49 
14msnbot-40-77-167-12.search.msn.com (40.77.167.12)67.213.65.60WEB-CRAWLER66714,508,1980.48 
15msnbot-40-77-167-51.search.msn.com (40.77.167.51)67.213.65.60WEB-CRAWLER62812,986,4960.43 
16216.244.66.24167.213.65.60WEB-BROWSING77311,890,5810.40 
17185.26.92.7467.213.65.60WEB-BROWSING5611,616,9610.39 
185-255-250-167.spider.yandex.com (5.255.250.167)67.213.65.59WEB-CRAWLER0811,203,9510.37 
1965.208.151.11567.213.65.60WEB-BROWSING0110,686,1370.36 
20100-43-85-118.spider.yandex.com (100.43.85.118)67.213.65.60WEB-CRAWLER3929,581,0270.32 
2193-158-161-24.spider.yandex.com (93.158.161.24)67.213.65.60WEB-CRAWLER3688,916,2280.30 
22100-43-85-188.spider.yandex.com (100.43.85.188)67.213.65.60WEB-CRAWLER3768,721,7710.29 
2392.red-88-25-82.staticip.rima-tde.net (88.25.82.92)67.213.65.60WEB-BROWSING018,042,1410.27 
24sn061.s02.sjc01.qualys.com (64.39.103.61)67.213.65.60WEB-BROWSING5467,388,4020.25 
2565.151.188.3367.213.65.60WEB-BROWSING3,3377,385,2710.25 
26msnbot-207-46-13-71.search.msn.com (207.46.13.71)67.213.65.60SSL2516,728,2350.22 
27ec2-34-252-155-34.eu-west-1.compute.amazonaws.com (34.252.155.34)67.213.65.60WEB-BROWSING146,565,9500.22 
28msnbot-207-46-13-134.search.msn.com (207.46.13.134)67.213.65.60SSL2576,455,1810.21 
29rate-limited-proxy-66-249-91-62.google.com (66.249.91.62)67.213.65.60WEB-CRAWLER1486,106,3130.20 
30crawl-66-249-69-94.googlebot.com (66.249.69.94)67.213.65.60WEB-CRAWLER1546,043,4210.20 
31msnbot-207-46-13-75.search.msn.com (207.46.13.75)67.213.65.60WEB-CRAWLER3495,998,0420.20 
32msnbot-157-55-39-204.search.msn.com (157.55.39.204)67.213.65.60SSL2865,611,6270.19 
3372.c5.33.static.xlhost.com (209.51.197.114)67.213.65.60WEB-BROWSING765,004,9380.17 
34rate-limited-proxy-66-249-91-32.google.com (66.249.91.32)67.213.65.60WEB-CRAWLER1294,723,3590.16 
35mail0.ess.barracuda.com (64.235.153.7)67.213.65.60WEB-BROWSING2684,529,0310.15 
36b110322.yse.yahoo.net (68.180.230.188)67.213.65.60WEB-CRAWLER3534,395,5780.15 
37mail14.ess.barracuda.com (64.235.154.141)67.213.65.60WEB-BROWSING2474,212,3850.14 
38google-proxy-66-249-93-33.google.com (66.249.93.33)67.213.65.60WEB-BROWSING244,210,1650.14 
39crawl-66-249-69-66.googlebot.com (66.249.69.66)67.213.65.60WEB-CRAWLER1203,817,4160.13 
4065.249.195.7567.213.65.60WEB-BROWSING603,757,0300.13 
41mail20.ess.barracuda.com (209.222.83.71)67.213.65.60WEB-BROWSING2093,603,6330.12 
42mail14.ess.barracuda.com (64.235.154.106)67.213.65.60WEB-BROWSING1993,396,3460.11 
43business-24-134-62-113.pool2.vodafone-ip.de (24.134.62.113)67.213.65.60WEB-BROWSING213,313,2260.11 
44crawl-66-249-64-94.googlebot.com (66.249.64.94)67.213.65.60WEB-CRAWLER963,081,7750.10 
45mail0.ess.barracuda.com (64.235.153.8)67.213.65.60WEB-BROWSING1803,045,4740.10 
46rate-limited-proxy-66-249-89-158.google.com (66.249.89.158)67.213.65.60WEB-CRAWLER652,984,0450.10 
4764.39.103.24767.213.65.60WEB-BROWSING182,875,8990.10 
48msnbot-157-55-39-253.search.msn.com (157.55.39.253)67.213.65.59WEB-CRAWLER212,838,6290.09 
49mail14.ess.barracuda.com (64.235.154.104)67.213.65.60WEB-BROWSING1662,808,4840.09 
50rate-limited-proxy-66-249-91-35.google.com (66.249.91.35)67.213.65.60WEB-CRAWLER872,773,9470.09 

Top 50 protocols

No | Protocol | Connections | Bytes | % | Comment
1 | WEB-BROWSING | 63,592 | 2,498,402,501 | 83.16 |
2 | WEB-CRAWLER | 18,722 | 413,129,629 | 13.75 |
3 | SSL | 8,192 | 90,635,242 | 3.02 |
4 | TCP/80 - http | 6,523 | 2,193,444 | 0.07 |
5 | TCP/443 - ssl-https | 134 | 31,961 | 0.00 |



Top 50 protocol TCP/80 - http: Sources, destinations, and traffic - Unique sources: 2188, unique destinations: 2

NoSourceDestinationConnectionsBytesComment
1sn061.s02.sjc01.qualys.com (64.39.103.61)67.213.65.60230185,545 
2b2b-46-252-129-106.unitymedia.biz (46.252.129.106)67.213.65.60540152,568 
385.218.200.7367.213.65.609529,640 
4d24-141-210-87.home.cgocable.net (24.141.210.87)67.213.65.596319,656 
5sogouspider-106-120-173-138.crawl.sogou.com (106.120.173.138)67.213.65.601619,080 
665.249.195.7567.213.65.605717,784 
7c-73-77-163-244.hsd1.tx.comcast.net (73.77.163.244)67.213.65.605517,160 
8182.253.163.667.213.65.604815,354 
9cm-171-101-73-172.revip11.asianet.co.th (171.101.73.172)67.213.65.604814,976 
10dsl-olubng11-54f96b-128.dhcp.inet.fi (84.249.107.128)67.213.65.602610,732 
11top.servicom2000.com (212.101.64.178)67.213.65.602910,638 
12legacy.norwich.edu (192.149.109.135)67.213.65.60329,984 
13223.227.57.7667.213.65.60248,676 
1489.244.155.6467.213.65.60238,100 
15host-95-189-159-77.pppoe.omsknet.ru (95.189.159.77)67.213.65.60226,864 
16154.73.155.25067.213.65.60166,730 
17172.58.38.14267.213.65.60226,688 
1895-27-147-199.broadband.corbina.ru (95.27.147.199)67.213.65.60216,552 
19216.200.88.212.reserved.above.net (216.200.88.212)67.213.65.60216,552 
20p4fcc93c5.dip0.t-ipconnect.de (79.204.147.197)67.213.65.60206,160 
21159.220.76.467.213.65.60195,928 
2265-125-110-202.dia.static.qwest.net (65.125.110.202)67.213.65.60185,904 
23rrcs-67-52-70-154.west.biz.rr.com (67.52.70.154)67.213.65.60175,780 
24170.251.88.9467.213.65.60165,772 
25176-20-225-54-static.dk.customer.tdc.net (176.20.225.54)67.213.65.60165,568 
26103.23.137.7567.213.65.60165,376 
2780.152.8.19567.213.65.60175,304 
28206.56.157.77.rev.sfr.net (77.157.56.206)67.213.65.60135,252 
29176-12-16-251.pon.spectrumnet.bg (176.12.16.251)67.213.65.60175,236 
30114.125.87.21567.213.65.60165,052 
31148.253.173.13067.213.65.60164,992 
32mail.urgero.net (198.204.237.122)67.213.65.60164,992 
33103.5.148.267.213.65.60134,944 
34191-254-193-190.dsl.telesp.net.br (191.254.193.190)67.213.65.60144,746 
35202077005227.static.ctinets.com (202.77.5.227)67.213.65.60154,680 
36h126.111.40.69.static.ip.windstream.net (69.40.111.126)67.213.65.60154,680 
37qinetiq-isp-block-allocated-to-customers.qinetiq.com (85.159.169.78)67.213.65.60344,648 
38rrcs-67-52-209-86.west.biz.rr.com (67.52.209.86)67.213.65.60134,420 
3945.242.204.6767.213.65.60134,384 
40hsi-kbw-5-158-148-49.hsi19.kabel-badenwuerttemberg.de (5.158.148.49)67.213.65.60144,368 
41217.21.215.13167.213.65.60134,320 
4266-208-171-146.static.kmcmail.net (66.208.171.146)67.213.65.60104,260 
43185.204.24.1267.213.65.60094,230 
44167.220.255.267.213.65.60104,200 
4580.173.146.77.dyn.user.ono.com (80.173.146.77)67.213.65.60114,188 
46dynamic-adsl-78-15-187-17.clienti.tiscali.it (78.15.187.17)67.213.65.60114,062 
4741.203.227.1767.213.65.60114,062 
4871-11-159-109.dhcp.stls.mo.charter.com (71.11.159.109)67.213.65.60114,062 
49bb271ae4.virtua.com.br (187.39.26.228)67.213.65.60134,056 
50fiber.by.weserve.nl (188.120.32.12)67.213.65.60134,056 

Top 50 denied sources

No | Source | Connections | First denial | % | Comment
1 | sn061.s02.sjc01.qualys.com (64.39.103.61) | 65 | 12/20/2018 4:09:37 PM | 75.58 |
2 | 5.39.218.17 | 02 | 12/20/2018 3:18:48 AM | 02.33 |
3 | 203.19.128.30 | 02 | 12/20/2018 10:31:26 PM | 02.33 |
4 | 36.248.63.207 | 02 | 12/20/2018 10:35:08 PM | 02.33 |
5 | 89.188.125.70 | 01 | 12/20/2018 5:51:41 AM | 01.16 |
6 | 171.13.14.19 | 01 | 12/20/2018 7:56:44 AM | 01.16 |
7 | 196.201.197.82 | 01 | 12/20/2018 9:08:34 AM | 01.16 |
8 | 76.51.559e.ip4.static.sl-reverse.com (158.85.81.118) | 01 | 12/20/2018 1:29:26 PM | 01.16 |
9 | 25.80.01a8.ip4.static.sl-reverse.com (168.1.128.37) | 01 | 12/20/2018 5:33:09 PM | 01.16 |
10 | 171.13.14.7 | 01 | 12/20/2018 7:49:32 PM | 01.16 |
11 | 146.185.239.25 | 01 | 12/20/2018 8:02:12 PM | 01.16 |
12 | 46x146x220x74.static-business.perm.ertelecom.ru (46.146.220.74) | 01 | 12/20/2018 10:06:26 PM | 01.16 |
13 | 123.191.144.79 | 01 | 12/20/2018 10:35:09 PM | 01.16 |
14 | 119.118.8.26 | 01 | 12/20/2018 10:35:10 PM | 01.16 |
15 | 111.85.179.172 | 01 | 12/20/2018 10:35:10 PM | 01.16 |
16 | 36.32.40.99 | 01 | 12/20/2018 10:35:12 PM | 01.16 |
17 | 182.138.137.53 | 01 | 12/20/2018 10:35:13 PM | 01.16 |
18 | dns142.online.tj.cn (111.162.149.142) | 01 | 12/20/2018 10:35:14 PM | 01.16 |
19 | 223.14.181.16 | 01 | 12/20/2018 10:35:15 PM | 01.16 |

Top 50 destinations for denied connections

No | Destination | Connections | First denial | % | Comment
1 | 67.213.65.60 | 82 | 12/20/2018 3:18:50 AM | 95.35 |
2 | 67.213.65.59 | 04 | 12/20/2018 3:18:48 AM | 04.65 |

Top 50 denied protocols

No | Denied protocol | Connections | First denial | % | Comment
1 | HTTP-PROXY | 27 | 12/20/2018 7:56:44 AM | 31.40 |
2 | UNKNOWN-TCP | 23 | 12/20/2018 5:51:41 AM | 26.74 |
3 | WEBDAV | 19 | 12/20/2018 4:09:55 PM | 22.09 |
4 | EROOM-HOST | 04 | 12/20/2018 4:17:31 PM | 04.65 |
5 | COTP | 03 | 12/20/2018 3:18:48 AM | 03.49 |
6 | OUTLOOK-WEB | 03 | 12/20/2018 4:15:55 PM | 03.49 |
7 | TWITTER-BASE | 02 | 12/20/2018 1:29:26 PM | 02.33 |
8 | SOAP | 02 | 12/20/2018 4:13:17 PM | 02.33 |
9 | ACTIVESYNC | 02 | 12/20/2018 4:17:38 PM | 02.33 |
10 | NAGIOS | 01 | 12/20/2018 4:15:53 PM | 01.16 |



Top 50 denial reasons

No | Denial reason | Connections | First denial | % | Comment
1 | Deny all Inbound | 86 | 12/20/2018 3:18:48 AM | 100.00 |

Top 50 denied sources, destinations, protocols and reasons

NoSourceDestinationProtocolReasonConnectionsFirst denial%Comment
1sn061.s02.sjc01.qualys.com (64.39.103.61)67.213.65.60WEBDAVDeny all Inbound1912/20/2018 4:09:55 PM22.09 
2sn061.s02.sjc01.qualys.com (64.39.103.61)67.213.65.60UNKNOWN-TCPDeny all Inbound1912/20/2018 4:10:19 PM22.09 
3sn061.s02.sjc01.qualys.com (64.39.103.61)67.213.65.60HTTP-PROXYDeny all Inbound1512/20/2018 4:09:37 PM17.44 
4sn061.s02.sjc01.qualys.com (64.39.103.61)67.213.65.60EROOM-HOSTDeny all Inbound0412/20/2018 4:17:31 PM4.65 
5sn061.s02.sjc01.qualys.com (64.39.103.61)67.213.65.60OUTLOOK-WEBDeny all Inbound0312/20/2018 4:15:55 PM3.49 
6sn061.s02.sjc01.qualys.com (64.39.103.61)67.213.65.60SOAPDeny all Inbound0212/20/2018 4:13:17 PM2.33 
7sn061.s02.sjc01.qualys.com (64.39.103.61)67.213.65.60ACTIVESYNCDeny all Inbound0212/20/2018 4:17:38 PM2.33 
8203.19.128.3067.213.65.60UNKNOWN-TCPDeny all Inbound0212/20/2018 10:31:26 PM2.33 
936.248.63.20767.213.65.60HTTP-PROXYDeny all Inbound0212/20/2018 10:35:08 PM2.33 
105.39.218.1767.213.65.59COTPDeny all Inbound0112/20/2018 3:18:48 AM1.16 
115.39.218.1767.213.65.60COTPDeny all Inbound0112/20/2018 3:18:50 AM1.16 
1289.188.125.7067.213.65.59UNKNOWN-TCPDeny all Inbound0112/20/2018 5:51:41 AM1.16 
13171.13.14.1967.213.65.60HTTP-PROXYDeny all Inbound0112/20/2018 7:56:44 AM1.16 
14196.201.197.8267.213.65.60UNKNOWN-TCPDeny all Inbound0112/20/2018 9:08:34 AM1.16 
1576.51.559e.ip4.static.sl-reverse.com (158.85.81.118)67.213.65.59TWITTER-BASEDeny all Inbound0112/20/2018 1:29:26 PM1.16 
16sn061.s02.sjc01.qualys.com (64.39.103.61)67.213.65.60NAGIOSDeny all Inbound0112/20/2018 4:15:53 PM1.16 
1725.80.01a8.ip4.static.sl-reverse.com (168.1.128.37)67.213.65.60TWITTER-BASEDeny all Inbound0112/20/2018 5:33:09 PM1.16 
18171.13.14.767.213.65.60HTTP-PROXYDeny all Inbound0112/20/2018 7:49:32 PM1.16 
19146.185.239.2567.213.65.59COTPDeny all Inbound0112/20/2018 8:02:12 PM1.16 
2046x146x220x74.static-business.perm.ertelecom.ru (46.146.220.74)67.213.65.60HTTP-PROXYDeny all Inbound0112/20/2018 10:06:26 PM1.16 
21123.191.144.7967.213.65.60HTTP-PROXYDeny all Inbound0112/20/2018 10:35:09 PM1.16 
22119.118.8.2667.213.65.60HTTP-PROXYDeny all Inbound0112/20/2018 10:35:10 PM1.16 
23111.85.179.17267.213.65.60HTTP-PROXYDeny all Inbound0112/20/2018 10:35:10 PM1.16 
2436.32.40.9967.213.65.60HTTP-PROXYDeny all Inbound0112/20/2018 10:35:12 PM1.16 
25182.138.137.5367.213.65.60HTTP-PROXYDeny all Inbound0112/20/2018 10:35:13 PM1.16 
26dns142.online.tj.cn (111.162.149.142)67.213.65.60HTTP-PROXYDeny all Inbound0112/20/2018 10:35:14 PM1.16 
27223.14.181.1667.213.65.60HTTP-PROXYDeny all Inbound0112/20/2018 10:35:15 PM1.16 

Top 50 denied protocols and reasons

No | Protocol | Reason | Denials | % | Comment
1 | HTTP-PROXY | Deny all Inbound | 27 | 31.40 |
2 | UNKNOWN-TCP | Deny all Inbound | 23 | 26.74 |
3 | WEBDAV | Deny all Inbound | 19 | 22.09 |
4 | EROOM-HOST | Deny all Inbound | 04 | 4.65 |
5 | COTP | Deny all Inbound | 03 | 3.49 |
6 | OUTLOOK-WEB | Deny all Inbound | 03 | 3.49 |
7 | TWITTER-BASE | Deny all Inbound | 02 | 2.33 |
8 | SOAP | Deny all Inbound | 02 | 2.33 |
9 | ACTIVESYNC | Deny all Inbound | 02 | 2.33 |
10 | NAGIOS | Deny all Inbound | 01 | 1.16 |

Firewall: altfirewall01.eventid.net - Interfaces: VPN

Sources (1 unique)

No | Source | Bytes | % | Comment
1 | 10.10.5.102 | 44,129,161 | 100.00 |

Destinations (2 unique)

No | Destination | Bytes | % | Comment
1 | eventmaster5.altairdemo.local (192.168.5.55) | 22,348,502 | 50.64 | 21 denials recorded on 5/28/2017 9:52:05 PM
2 | ubuntu07.altairdemo.local (192.168.5.20) | 21,780,659 | 49.36 |




Top 50 sources, protocols and bytes

No | Source | Protocol | Connections | Bytes | % | Comment
1 | 10.10.5.102 | WEB-BROWSING | 58 | 44,120,773 | 99.98 |
2 | 10.10.5.102 | TCP/0 | 22 | 8,388 | 0.02 |

Top 50 sources, destinations, protocols and bytes

No | Source | Destination | Protocol | Connections | Bytes | % | Comment
1 | 10.10.5.102 | eventmaster5.altairdemo.local (192.168.5.55) | WEB-BROWSING | 17 | 22,344,362 | 50.63 | 21 denials recorded on 5/28/2017 9:52:05 PM
2 | 10.10.5.102 | ubuntu07.altairdemo.local (192.168.5.20) | WEB-BROWSING | 41 | 21,776,411 | 49.35 |
3 | 10.10.5.102 | ubuntu07.altairdemo.local (192.168.5.20) | TCP/0 | 12 | 4,248 | 0.01 |
4 | 10.10.5.102 | eventmaster5.altairdemo.local (192.168.5.55) | TCP/0 | 10 | 4,140 | 0.01 |

Top 50 protocols

No | Protocol | Connections | Bytes | % | Comment
1 | WEB-BROWSING | 58 | 44,120,773 | 99.98 |
2 | TCP/0 | 22 | 8,388 | 0.02 |



Firewall: altfirewall01.eventid.net - Interfaces: ethernet1/5 to

Top 50 denied sources

NoSourceConnectionsFirst denial%Comment
1sn061.s02.sjc01.qualys.com (64.39.103.61)7,31112/20/2018 4:08:44 PM26.43 
2172-245-11-242-host.colocrossing.com (172.245.11.242)6,97312/19/2018 11:57:29 PM25.21 
3180.244.128.1901,78412/19/2018 11:58:37 PM06.45 
4server1.amanka.top (216.189.157.15)78012/19/2018 11:57:50 PM02.82 
5info.gmails.top (107.174.218.96)73212/20/2018 1:34:44 AM02.65 
6host12.dfhgjhhh.com (47.88.15.216)67812/20/2018 3:09:06 AM02.45 
7crawl-66-249-64-66.googlebot.com (66.249.64.66)64412/20/2018 2:39:54 PM02.33 
893-158-161-81.spider.yandex.com (93.158.161.81)60012/20/2018 12:27:49 AM02.17 
9188.130.132.15044112/20/2018 4:44:03 AM01.59 
10116.231.131.7342512/20/2018 12:02:59 AM01.54 
1177.72.85.1740312/20/2018 12:02:12 AM01.46 
12180.244.235.7819512/20/2018 8:13:05 AM00.70 
13139.199.158.10719312/20/2018 6:15:54 AM00.70 
14135.84.243.1118412/20/2018 2:15:57 AM00.67 
15216.244.66.19814112/20/2018 12:02:35 AM00.51 
1677.72.82.15812412/20/2018 12:15:38 AM00.45 
17219.82.203.3311112/20/2018 6:01:15 AM00.40 
18223.73.108.810512/19/2018 11:58:46 PM00.38 
19181.214.87.1210512/20/2018 12:01:52 AM00.38 
20107-172-193-244-host.colocrossing.com (107.172.193.244)7512/20/2018 12:22:00 AM00.27 
2177.72.82.1477312/20/2018 12:08:46 AM00.26 
22i188.datasoft.ws (209.126.69.188)7012/20/2018 12:34:39 AM00.25 
2377.72.82.156612/20/2018 12:02:57 AM00.24 
2495.215.1.376412/20/2018 1:28:58 AM00.23 
25180.253.144.2146412/20/2018 2:14:15 PM00.23 
26180.245.163.1736012/20/2018 10:37:52 AM00.22 
2777.72.82.805512/20/2018 12:28:25 AM00.20 
28191.101.167.775412/20/2018 12:33:55 AM00.20 
2977.72.82.115412/20/2018 1:40:58 AM00.20 
30191.101.167.2355312/20/2018 12:20:14 AM00.19 
3177.72.85.105212/20/2018 12:51:56 AM00.19 
3277.72.82.1755012/20/2018 12:39:16 AM00.18 
33180.253.40.1645012/20/2018 6:56:31 PM00.18 
34191.101.167.2524912/20/2018 12:38:05 AM00.18 
35180.245.65.2194812/20/2018 12:22:30 AM00.17 
3677.72.82.974412/20/2018 12:10:50 AM00.16 
37191.101.167.1674112/20/2018 12:23:36 AM00.15 
38163-172-25-36.rev.poneytelecom.eu (163.172.25.36)3912/19/2018 11:59:44 PM00.14 
39223.73.191.303912/20/2018 12:16:56 AM00.14 
40163-172-12-206.rev.poneytelecom.eu (163.172.12.206)3412/20/2018 4:12:22 AM00.12 
41192.162.102.833212/20/2018 5:01:25 AM00.12 
4275-145-156-49-illinois.hfc.comcastbusiness.net (75.145.156.49)3012/20/2018 11:41:12 AM00.11 
43181.214.87.2392812/20/2018 1:07:20 AM00.10 
44139.60.160.2512812/20/2018 6:48:01 AM00.10 
45180.244.157.542512/20/2018 5:05:22 AM00.09 
4664.68.154.27.broad.xm.fj.dynamic.163data.com.cn (27.154.68.64)2312/20/2018 1:15:09 AM00.08 
47134.119.214.1412212/20/2018 1:04:24 AM00.08 
48180.245.47.1292212/20/2018 8:31:26 PM00.08 
49216.158.238.2102112/20/2018 12:04:24 AM00.08 
505.188.10.1082112/20/2018 12:38:47 AM00.08 

Top 50 destinations for denied connections

No | Destination | Connections | First denial | % | Comment
1 | 67.213.65.60 | 24,982 | 12/19/2018 11:57:26 PM | 90.31 |
2 | 67.213.65.59 | 2,676 | 12/19/2018 11:57:26 PM | 09.67 |
3 | 67.213.65.58 | 06 | 12/20/2018 7:03:07 AM | 00.02 |

Top 50 denied protocols

No | Denied protocol | Connections | First denial | % | Comment
1 | TCP/80 - http | 10,933 | 12/19/2018 11:57:29 PM | 39.52 |
2 | TCP/25 - smtp | 3,534 | 12/19/2018 11:57:50 PM | 12.77 |
3 | TCP/445 - netbios | 1,021 | 12/19/2018 11:58:50 PM | 03.69 |
4 | TCP/23 - telnet | 857 | 12/20/2018 12:00:23 AM | 03.10 |
5 | TCP/22 - ssh | 285 | 12/20/2018 12:25:43 AM | 01.03 |
6 | TCP/21 - ftp | 243 | 12/19/2018 11:58:16 PM | 00.88 |
7 | UDP/137 - netbios | 237 | 12/20/2018 12:27:29 AM | 00.86 |
8 | TCP/1433 - ms sql | 230 | 12/19/2018 11:59:38 PM | 00.83 |
9 | TCP/110 - pop3 | 143 | 12/20/2018 12:01:26 AM | 00.52 |
10 | UDP/5060 | 128 | 12/20/2018 12:12:29 AM | 00.46 |
11 | ICMP/0 | 126 | 12/20/2018 12:10:34 AM | 00.46 |
12 | TCP/2323 | 121 | 12/20/2018 12:05:03 AM | 00.44 |
13 | TCP/50917 | 100 | 12/20/2018 2:24:58 AM | 00.36 |
14 | TCP/3389 - ms rdp | 99 | 12/20/2018 12:58:47 AM | 00.36 |
15 | TCP/8545 | 91 | 12/20/2018 12:04:24 AM | 00.33 |
16 | TCP/50918 | 81 | 12/20/2018 2:15:57 AM | 00.29 |
17 | TCP/8080 - http proxy | 69 | 12/20/2018 1:17:26 AM | 00.25 |
18 | TCP/139 - netbios | 40 | 12/20/2018 9:27:21 AM | 00.14 |
19 | TCP/111 - sun rpc | 40 | 12/20/2018 4:08:44 PM | 00.14 |
20 | TCP/53 - dns | 38 | 12/20/2018 12:23:36 AM | 00.14 |
21 | TCP/3128 - squid-http | 38 | 12/20/2018 8:21:25 AM | 00.14 |
22 | TCP/20 - ftp-data | 38 | 12/20/2018 4:08:47 PM | 00.14 |
23 | TCP/135 - ms rpc | 37 | 12/20/2018 12:25:50 AM | 00.13 |
24 | TCP/1080 - socks proxy | 37 | 12/20/2018 5:41:36 AM | 00.13 |
25 | TCP/2049 - nfs | 37 | 12/20/2018 4:08:49 PM | 00.13 |
26 | UDP/53 - dns | 36 | 12/20/2018 12:29:03 AM | 00.13 |
27 | TCP/513 | 36 | 12/20/2018 1:07:23 AM | 00.13 |
28 | TCP/1521 - oracle | 36 | 12/20/2018 3:39:58 AM | 00.13 |
29 | TCP/1 | 36 | 12/20/2018 10:13:31 AM | 00.13 |
30 | TCP/143 - imap | 35 | 12/20/2018 8:42:56 AM | 00.13 |
31 | TCP/67 - dhcp | 35 | 12/20/2018 9:38:33 AM | 00.13 |
32 | TCP/113 - ident | 35 | 12/20/2018 4:08:47 PM | 00.13 |
33 | TCP/7 | 34 | 12/20/2018 4:08:48 PM | 00.12 |
34 | TCP/11 | 34 | 12/20/2018 4:08:48 PM | 00.12 |
35 | TCP/79 | 34 | 12/20/2018 4:08:48 PM | 00.12 |
36 | TCP/1027 - icq | 34 | 12/20/2018 4:08:48 PM | 00.12 |
37 | TCP/1028 | 34 | 12/20/2018 4:08:49 PM | 00.12 |
38 | TCP/1029 | 34 | 12/20/2018 4:08:49 PM | 00.12 |
39 | TCP/1524 | 34 | 12/20/2018 4:08:49 PM | 00.12 |
40 | TCP/1723 - pptp | 34 | 12/20/2018 4:08:49 PM | 00.12 |
41 | TCP/6000 | 34 | 12/20/2018 4:08:49 PM | 00.12 |
42 | TCP/32771 | 34 | 12/20/2018 4:08:49 PM | 00.12 |
43 | UDP/161 - snmp | 32 | 12/19/2018 11:59:27 PM | 00.12 |
44 | UDP/123 - ntp | 31 | 12/20/2018 12:37:31 AM | 00.11 |
45 | TCP/912 | 31 | 12/20/2018 4:08:48 PM | 00.11 |
46 | TCP/2764 | 31 | 12/20/2018 4:08:49 PM | 00.11 |
47 | TCP/24567 | 31 | 12/20/2018 4:08:49 PM | 00.11 |
48 | TCP/48762 | 31 | 12/20/2018 4:08:49 PM | 00.11 |
49 | UDP/1900 - univ. plug-and-play | 28 | 12/20/2018 12:11:21 AM | 00.10 |
50 | TCP/81 - http | 28 | 12/20/2018 1:01:50 AM | 00.10 |



Top 50 denial reasons

No | Denial reason | Connections | First denial | % | Comment
1 | Deny all Inbound | 16,703 | 12/19/2018 11:57:26 PM | 60.38 |
2 | Deny abusers | 7,381 | 12/19/2018 11:57:29 PM | 26.68 |
3 | Deny 404 abusers - Dynamic | 3,580 | 12/19/2018 11:58:37 PM | 12.94 |



Top 50 denied sources, destinations, protocols and reasons

NoSourceDestinationProtocolReasonConnectionsFirst denial%Comment
1172-245-11-242-host.colocrossing.com (172.245.11.242)67.213.65.60TCP/80 - httpDeny abusers6,97312/19/2018 11:57:29 PM25.21 
2180.244.128.19067.213.65.60TCP/80 - httpDeny 404 abusers - Dynamic1,78412/19/2018 11:58:37 PM6.45 
3server1.amanka.top (216.189.157.15)67.213.65.60TCP/25 - smtpDeny all Inbound78012/19/2018 11:57:50 PM2.82 
4info.gmails.top (107.174.218.96)67.213.65.60TCP/25 - smtpDeny all Inbound73212/20/2018 1:34:44 AM2.65 
5host12.dfhgjhhh.com (47.88.15.216)67.213.65.60TCP/25 - smtpDeny all Inbound67812/20/2018 3:09:06 AM2.45 
6crawl-66-249-64-66.googlebot.com (66.249.64.66)67.213.65.60TCP/80 - httpDeny 404 abusers - Dynamic64412/20/2018 2:39:54 PM2.33 
793-158-161-81.spider.yandex.com (93.158.161.81)67.213.65.60TCP/80 - httpDeny 404 abusers - Dynamic59412/20/2018 12:27:49 AM2.15 
8188.130.132.15067.213.65.60TCP/25 - smtpDeny all Inbound44112/20/2018 4:44:03 AM1.59 
9116.231.131.7367.213.65.60TCP/25 - smtpDeny all Inbound42512/20/2018 12:02:59 AM1.54 
10180.244.235.7867.213.65.60TCP/80 - httpDeny 404 abusers - Dynamic19512/20/2018 8:13:05 AM0.70 
11139.199.158.10767.213.65.60TCP/80 - httpDeny abusers19312/20/2018 6:15:54 AM0.70 
12216.244.66.19867.213.65.60TCP/80 - httpDeny abusers14112/20/2018 12:02:35 AM0.51 
13219.82.203.3367.213.65.60TCP/25 - smtpDeny all Inbound11112/20/2018 6:01:15 AM0.40 
14223.73.108.867.213.65.60TCP/25 - smtpDeny all Inbound10512/19/2018 11:58:46 PM0.38 
15135.84.243.1167.213.65.59TCP/50917Deny all Inbound10012/20/2018 2:24:58 AM0.36 
16135.84.243.1167.213.65.60TCP/50918Deny all Inbound8112/20/2018 2:15:57 AM0.29 
17107-172-193-244-host.colocrossing.com (107.172.193.244)67.213.65.60TCP/110 - pop3Deny all Inbound7512/20/2018 12:22:00 AM0.27 
18i188.datasoft.ws (209.126.69.188)67.213.65.60TCP/80 - httpDeny 404 abusers - Dynamic7012/20/2018 12:34:39 AM0.25 
19180.253.144.21467.213.65.60TCP/80 - httpDeny 404 abusers - Dynamic6412/20/2018 2:14:15 PM0.23 
20180.245.163.17367.213.65.60TCP/80 - httpDeny 404 abusers - Dynamic6012/20/2018 10:37:52 AM0.22 
21180.253.40.16467.213.65.60TCP/80 - httpDeny 404 abusers - Dynamic5012/20/2018 6:56:31 PM0.18 
22180.245.65.21967.213.65.60TCP/80 - httpDeny 404 abusers - Dynamic4812/20/2018 12:22:30 AM0.17 
23sn061.s02.sjc01.qualys.com (64.39.103.61)67.213.65.60TCP/111 - sun rpcDeny all Inbound4012/20/2018 4:08:44 PM0.14 
24223.73.191.3067.213.65.60TCP/25 - smtpDeny all Inbound3912/20/2018 12:16:56 AM0.14 
25sn061.s02.sjc01.qualys.com (64.39.103.61)67.213.65.60TCP/20 - ftp-dataDeny all Inbound3812/20/2018 4:08:47 PM0.14 
26sn061.s02.sjc01.qualys.com (64.39.103.61)67.213.65.60TCP/25 - smtpDeny all Inbound3712/20/2018 4:08:44 PM0.13 
27sn061.s02.sjc01.qualys.com (64.39.103.61)67.213.65.60TCP/21 - ftpDeny all Inbound3712/20/2018 4:08:44 PM0.13 
28sn061.s02.sjc01.qualys.com (64.39.103.61)67.213.65.60TCP/22 - sshDeny all Inbound3712/20/2018 4:08:44 PM0.13 
29sn061.s02.sjc01.qualys.com (64.39.103.61)67.213.65.60TCP/23 - telnetDeny all Inbound3712/20/2018 4:08:44 PM0.13 
30sn061.s02.sjc01.qualys.com (64.39.103.61)67.213.65.60TCP/2049 - nfsDeny all Inbound3712/20/2018 4:08:49 PM0.13 
31sn061.s02.sjc01.qualys.com (64.39.103.61)67.213.65.60TCP/53 - dnsDeny all Inbound3612/20/2018 4:08:48 PM0.13 
32sn061.s02.sjc01.qualys.com (64.39.103.61)67.213.65.60TCP/1080 - socks proxyDeny all Inbound3612/20/2018 4:08:49 PM0.13 
33sn061.s02.sjc01.qualys.com (64.39.103.61)67.213.65.60TCP/8080 - http proxyDeny all Inbound3612/20/2018 4:08:49 PM0.13 
34sn061.s02.sjc01.qualys.com (64.39.103.61)67.213.65.60TCP/139 - netbiosDeny all Inbound3612/20/2018 4:08:49 PM0.13 
35sn061.s02.sjc01.qualys.com (64.39.103.61)67.213.65.60TCP/110 - pop3Deny all Inbound3512/20/2018 4:08:44 PM0.13 
36sn061.s02.sjc01.qualys.com (64.39.103.61)67.213.65.60TCP/135 - ms rpcDeny all Inbound3512/20/2018 4:08:44 PM0.13 
37sn061.s02.sjc01.qualys.com (64.39.103.61)67.213.65.60TCP/113 - identDeny all Inbound3512/20/2018 4:08:47 PM0.13 
38sn061.s02.sjc01.qualys.com (64.39.103.61)67.213.65.60TCP/445 - netbiosDeny all Inbound3412/20/2018 4:08:48 PM0.12 
39sn061.s02.sjc01.qualys.com (64.39.103.61)67.213.65.60TCP/1Deny all Inbound3412/20/2018 4:08:48 PM0.12 
40sn061.s02.sjc01.qualys.com (64.39.103.61)67.213.65.60TCP/7Deny all Inbound3412/20/2018 4:08:48 PM0.12 
41sn061.s02.sjc01.qualys.com (64.39.103.61)67.213.65.60TCP/11Deny all Inbound3412/20/2018 4:08:48 PM0.12 
42sn061.s02.sjc01.qualys.com (64.39.103.61)67.213.65.60TCP/67 - dhcpDeny all Inbound3412/20/2018 4:08:48 PM0.12 
43sn061.s02.sjc01.qualys.com (64.39.103.61)67.213.65.60TCP/79Deny all Inbound3412/20/2018 4:08:48 PM0.12 
44sn061.s02.sjc01.qualys.com (64.39.103.61)67.213.65.60TCP/143 - imapDeny all Inbound3412/20/2018 4:08:48 PM0.12 
45sn061.s02.sjc01.qualys.com (64.39.103.61)67.213.65.60TCP/513Deny all Inbound3412/20/2018 4:08:48 PM0.12 
46sn061.s02.sjc01.qualys.com (64.39.103.61)67.213.65.60TCP/1027 - icqDeny all Inbound3412/20/2018 4:08:48 PM0.12 
47sn061.s02.sjc01.qualys.com (64.39.103.61)67.213.65.60TCP/1028Deny all Inbound3412/20/2018 4:08:49 PM0.12 
48sn061.s02.sjc01.qualys.com (64.39.103.61)67.213.65.60TCP/1029Deny all Inbound3412/20/2018 4:08:49 PM0.12 
49sn061.s02.sjc01.qualys.com (64.39.103.61)67.213.65.60TCP/1521 - oracleDeny all Inbound3412/20/2018 4:08:49 PM0.12 
50sn061.s02.sjc01.qualys.com (64.39.103.61)67.213.65.60TCP/1524Deny all Inbound3412/20/2018 4:08:49 PM0.12 

Top 50 denied protocols and reasons

No | Protocol | Reason | Denials | % | Comment
1 | TCP/80 - http | Deny abusers | 7,373 | 26.65 |
2 | TCP/80 - http | Deny 404 abusers - Dynamic | 3,560 | 12.87 |
3 | TCP/25 - smtp | Deny all Inbound | 3,534 | 12.77 |
4 | TCP/445 - netbios | Deny all Inbound | 1,007 | 3.64 |
5 | TCP/23 - telnet | Deny all Inbound | 857 | 3.10 |
6 | TCP/22 - ssh | Deny all Inbound | 285 | 1.03 |
7 | TCP/21 - ftp | Deny all Inbound | 243 | 0.88 |
8 | UDP/137 - netbios | Deny all Inbound | 237 | 0.86 |
9 | TCP/1433 - ms sql | Deny all Inbound | 230 | 0.83 |
10 | TCP/110 - pop3 | Deny all Inbound | 143 | 0.52 |
11 | UDP/5060 | Deny all Inbound | 128 | 0.46 |
12 | ICMP/0 | Deny all Inbound | 126 | 0.46 |
13 | TCP/2323 | Deny all Inbound | 121 | 0.44 |
14 | TCP/50917 | Deny all Inbound | 100 | 0.36 |
15 | TCP/3389 - ms rdp | Deny all Inbound | 99 | 0.36 |
16 | TCP/8545 | Deny all Inbound | 91 | 0.33 |
17 | TCP/50918 | Deny all Inbound | 81 | 0.29 |
18 | TCP/8080 - http proxy | Deny all Inbound | 69 | 0.25 |
19 | TCP/139 - netbios | Deny all Inbound | 40 | 0.14 |
20 | TCP/111 - sun rpc | Deny all Inbound | 40 | 0.14 |
21 | TCP/53 - dns | Deny all Inbound | 38 | 0.14 |
22 | TCP/3128 - squid-http | Deny all Inbound | 38 | 0.14 |
23 | TCP/20 - ftp-data | Deny all Inbound | 38 | 0.14 |
24 | TCP/135 - ms rpc | Deny all Inbound | 37 | 0.13 |
25 | TCP/1080 - socks proxy | Deny all Inbound | 37 | 0.13 |
26 | TCP/2049 - nfs | Deny all Inbound | 37 | 0.13 |
27 | UDP/53 - dns | Deny all Inbound | 36 | 0.13 |
28 | TCP/513 | Deny all Inbound | 36 | 0.13 |
29 | TCP/1521 - oracle | Deny all Inbound | 36 | 0.13 |
30 | TCP/1 | Deny all Inbound | 36 | 0.13 |
31 | TCP/143 - imap | Deny all Inbound | 35 | 0.13 |
32 | TCP/67 - dhcp | Deny all Inbound | 35 | 0.13 |
33 | TCP/113 - ident | Deny all Inbound | 35 | 0.13 |
34 | TCP/7 | Deny all Inbound | 34 | 0.12 |
35 | TCP/11 | Deny all Inbound | 34 | 0.12 |
36 | TCP/79 | Deny all Inbound | 34 | 0.12 |
37 | TCP/1027 - icq | Deny all Inbound | 34 | 0.12 |
38 | TCP/1028 | Deny all Inbound | 34 | 0.12 |
39 | TCP/1029 | Deny all Inbound | 34 | 0.12 |
40 | TCP/1524 | Deny all Inbound | 34 | 0.12 |
41 | TCP/1723 - pptp | Deny all Inbound | 34 | 0.12 |
42 | TCP/6000 | Deny all Inbound | 34 | 0.12 |
43 | TCP/32771 | Deny all Inbound | 34 | 0.12 |
44 | UDP/161 - snmp | Deny all Inbound | 32 | 0.12 |
45 | UDP/123 - ntp | Deny all Inbound | 31 | 0.11 |
46 | TCP/912 | Deny all Inbound | 31 | 0.11 |
47 | TCP/2764 | Deny all Inbound | 31 | 0.11 |
48 | TCP/24567 | Deny all Inbound | 31 | 0.11 |
49 | TCP/48762 | Deny all Inbound | 31 | 0.11 |
50 | UDP/1900 - univ. plug-and-play | Deny all Inbound | 28 | 0.10 |

Firewall: altfirewall01.eventid.net - Interfaces: tunnel.1 to

Top 50 denied sources

No | Source | Connections | First denial | % | Comment
1 | 10.10.10.1 | 3,424 | 12/20/2018 12:06:08 AM | 100.00 |

Top 50 destinations for denied connections

No | Destination | Connections | First denial | % | Comment
1 | 192.168.5.56 | 1,713 | 12/20/2018 12:06:29 AM | 50.03 |
2 | eventmaster5.altairdemo.local (192.168.5.55) | 1,711 | 12/20/2018 12:06:08 AM | 49.97 | 21 denials recorded on 5/28/2017 9:52:05 PM

Top 50 denied protocols

No | Denied protocol | Connections | First denial | % | Comment
1 | TCP/445 - netbios | 3,424 | 12/20/2018 12:06:08 AM | 100.00 |

Top 50 denial reasons

No | Denial reason | Connections | First denial | % | Comment
1 | Deny all Inbound | 3,424 | 12/20/2018 12:06:08 AM | 100.00 | 21 denials recorded on 5/28/2017 9:52:05 PM

Top 50 denied sources, destinations, protocols and reasons

No | Source | Destination | Protocol | Reason | Connections | First denial | % | Comment
1 | 10.10.10.1 | 192.168.5.56 | TCP/445 - netbios | Deny all Inbound | 1,713 | 12/20/2018 12:06:29 AM | 50.03 |
2 | 10.10.10.1 | eventmaster5.altairdemo.local (192.168.5.55) | TCP/445 - netbios | Deny all Inbound | 1,711 | 12/20/2018 12:06:08 AM | 49.97 | 21 denials recorded on 5/28/2017 9:52:05 PM

Top 50 denied protocols and reasons

No | Protocol | Reason | Denials | % | Comment
1 | TCP/445 - netbios | Deny all Inbound | 3,424 | 100.00 |

Analysis details

Analysis start time | 1/2/2018 10:42:25 AM
Analysis duration | 19.80 minutes (1188 seconds)
Analysis engine version | FireGen40Service.exe - FireGen scheduler service: 4.1.9.0
Filtering criteria | All entries
Excluded keywords | None

Glossary

!!! | Indicates that a high denials:connections ratio has been detected. The currently configured ratio is 3. The !!! marker means that the percentage of denials for that hour is more than 3 times the connections percentage. This points to unusual denial activity that may have to be investigated. The ratio can be configured on the Report Formats interface.
Other messages | A list of messages not yet configured in the Firegen parser. Please send these messages to us (support@firegen.com) and we will add them in the next Firegen update. These messages are included in the list of message types, but they are not yet fully understood by the analyzer.