
Altair Technologies - Firegen report generated on 1/2/2018 3:57:59 PM

Info | Value
Analysis profile | Analysis profile Dell SonicWALL
Analyzed log(s) | E:\Logs\Sonicwall\syslog-2006-09-28.log (26.00 MB)
Firewall type | Sonicwall
Analysis interval | All entries in the specified log

Firewalls

No | Firewall | Connections | Traffic (MB) | Denials | Warnings | URLs | Info | IDS | ACL | Unknown
1 | 64.50.46.226 | 54,122 | 824.81 | 8,297 | 09 | 00 | 00 | 00 | 00 | 00

Firewall: 64.50.46.226

Anomaly report

Based on the analysis of 0 historical records, this set of data appears to be within the normal values.

Please note that the anomaly prediction algorithm only describes the commonality of the current statistics when compared with the previous analysis results. There might be specific issues that are not part of the analysis and that can still indicate a potential problem.

Message types

No | Code | Message sample | Count

64.50.46.226 - Traffic and denials per hour









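Hour | Traffic (MB) | % | Connections | % | Denials | %
00-01 | 52.00 | 6.42 | 3,068 | 4.92 | 77 | 0.93
01-02 | 10.00 | 1.25 | 1,754 | 2.81 | 70 | 0.84
02-03 | 11.00 | 1.36 | 1,723 | 2.76 | 49 | 0.59
03-04 | 13.00 | 1.66 | 1,341 | 2.15 | 14 | 0.17
04-05 | 08.00 | 0.97 | 1,297 | 2.08 | 16 | 0.19
05-06 | 17.00 | 2.18 | 1,160 | 1.86 | 06 | 0.07
06-07 | 02.00 | 0.30 | 1,108 | 1.78 | 08 | 0.10
07-08 | 107.00 | 13.06 | 1,448 | 2.32 | 10 | 0.12
08-09 | 25.00 | 3.13 | 1,487 | 2.38 | 18 | 0.22
09-10 | 07.00 | 0.90 | 1,435 | 2.30 | 18 | 0.22
10-11 | 06.00 | 0.78 | 1,567 | 2.51 | 12 | 0.14
11-12 | 38.00 | 4.68 | 1,497 | 2.40 | 06 | 0.07
12-13 | 05.00 | 0.63 | 1,564 | 2.51 | 14 | 0.17
13-14 | 20.00 | 2.54 | 2,000 | 3.20 | 16 | 0.19
14-15 | 13.00 | 1.61 | 2,564 | 4.11 | 26 | 0.31
15-16 | 33.00 | 4.03 | 4,103 | 6.57 | 824 | 9.93
16-17 | 58.00 | 7.07 | 5,008 | 8.02 | 871 | 10.50
17-18 | 70.00 | 8.58 | 4,658 | 7.46 | 1,148 | 13.84
18-19 | 62.00 | 7.58 | 3,569 | 5.72 | 739 | 8.91
19-20 | 46.00 | 5.67 | 3,884 | 6.22 | 1,099 | 13.25
20-21 | 38.00 | 4.69 | 4,146 | 6.64 | 825 | 9.94
21-22 | 25.00 | 3.12 | 4,482 | 7.18 | 949 | 11.44
22-23 | 49.00 | 5.99 | 3,739 | 5.99 | 898 | 10.82
23-24 | 97.00 | 11.79 | 3,817 | 6.12 | 584 | 7.04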

64.50.46.226 - Interfaces

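No | Interfaces | Connections | MB | % | Denials | Warnings | ACLs | IDS
1 | DMZ to LAN | 20 | 00.00 | 00.00 | 00 | 00 | 00 | 00
2 | DMZ to WAN | 22 | 00.02 | 00.00 | 00 | 00 | 00 | 00
3 | LAN to DMZ | 32 | 00.64 | 00.08 | 00 | 00 | 00 | 00
4 | LAN to WAN | 45,852 | 531.98 | 64.50 | 7,199 | 00 | 00 | 00
5 | WAN to DMZ | 883 | 172.61 | 20.93 | 00 | 00 | 00 | 00
6 | WAN to LAN | 7,313 | 119.56 | 14.50 | 00 | 00 | 00 | 00
7 | LAN to LAN | 00 | 00.00 | 00.00 | 1,074 | 00 | 00 | 00
8 | WAN to WAN | 00 | 00.00 | 00.00 | 24 | 00 | 00 | 00
9 | Not specified | 00 | 00.00 | 00.00 | 00 | 09 | 00 | 00
 | Total | 54,122 | 824.81 | | 8,297 | 09 | 00 | 00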

Firewall: 64.50.46.226 - Interfaces: DMZ to LAN

Sources (1 unique)

No | Source | Bytes | % | Comment
1 | 64.50.46.231 | 2,566 | 100.00 |

Destinations (2 unique)

No | Destination | Bytes | % | Comment
1 | 192.168.1.2 | 1,306 | 50.90 |
2 | 64.50.46.226 | 1,260 | 49.10 |




Top 50 sources, protocols and bytes

No | Source | Protocol | Connections | Bytes | % | Comment
1 | 64.50.46.231 | DNS | 06 | 1,306 | 50.90 |
2 | 64.50.46.231 | TCP/113 - ident | 14 | 1,260 | 49.10 |

Top 50 sources, destinations, protocols and bytes

No | Source | Destination | Protocol | Connections | Bytes | % | Comment
1 | 64.50.46.231 | 192.168.1.2 | DNS | 06 | 1,306 | 50.90 |
2 | 64.50.46.231 | 64.50.46.226 | TCP/113 - ident | 14 | 1,260 | 49.10 |

Top 50 protocols

No | Protocol | Connections | Bytes | % | Comment
1 | DNS | 06 | 1,306 | 50.90 |
2 | TCP/113 - ident | 14 | 1,260 | 49.10 |



Firewall: 64.50.46.226 - Interfaces: DMZ to WAN

Sources (1 unique)

No | Source | Bytes | % | Comment
1 | 64.50.46.231 | 21,559 | 100.00 |

Destinations (6 unique)

No | Destination | Bytes | % | Comment
1 | 65.106.7.196 | 20,821 | 96.58 |
2 | 211.23.87.38 | 212 | 0.98 |
3 | 70.190.3.94 | 180 | 0.83 |
4 | 65.106.1.196 | 134 | 0.62 |
5 | 202.88.79.152 | 106 | 0.49 |
6 | 61.221.69.28 | 106 | 0.49 |




Top 50 sources, protocols and bytes

No | Source | Protocol | Connections | Bytes | % | Comment
1 | 64.50.46.231 | DNS | 17 | 20,955 | 97.20 |
2 | 64.50.46.231 | TCP/113 - ident | 05 | 604 | 2.80 |

Top 50 sources, destinations, protocols and bytes

No | Source | Destination | Protocol | Connections | Bytes | % | Comment
1 | 64.50.46.231 | 65.106.7.196 | DNS | 16 | 20,821 | 96.58 |
2 | 64.50.46.231 | 211.23.87.38 | TCP/113 - ident | 02 | 212 | 0.98 |
3 | 64.50.46.231 | 70.190.3.94 | TCP/113 - ident | 01 | 180 | 0.83 |
4 | 64.50.46.231 | 65.106.1.196 | DNS | 01 | 134 | 0.62 |
5 | 64.50.46.231 | 202.88.79.152 | TCP/113 - ident | 01 | 106 | 0.49 |
6 | 64.50.46.231 | 61.221.69.28 | TCP/113 - ident | 01 | 106 | 0.49 |

Top 50 protocols

No | Protocol | Connections | Bytes | % | Comment
1 | DNS | 17 | 20,955 | 97.20 |
2 | TCP/113 - ident | 05 | 604 | 2.80 |



Firewall: 64.50.46.226 - Interfaces: LAN to DMZ

Sources (1 unique)

No | Source | Bytes | % | Comment
1 | 192.168.1.100 | 666,845 | 100.00 |

Destinations (1 unique)

No | Destination | Bytes | % | Comment
1 | 64.50.46.231 | 666,845 | 100.00 |


Top 50 sources, protocols and bytes

No | Source | Protocol | Connections | Bytes | % | Comment
1 | 192.168.1.100 | HTTP | 14 | 432,271 | 64.82 |
2 | 192.168.1.100 | FTP | 16 | 227,634 | 34.14 |
3 | 192.168.1.100 | TCP/32804 | 01 | 6,317 | 0.95 |
4 | 192.168.1.100 | TCP/32803 | 01 | 623 | 0.09 |

Top 50 sources, destinations, protocols and bytes

No | Source | Destination | Protocol | Connections | Bytes | % | Comment
1 | 192.168.1.100 | 64.50.46.231 | HTTP | 14 | 432,271 | 64.82 |
2 | 192.168.1.100 | 64.50.46.231 | FTP | 16 | 227,634 | 34.14 |
3 | 192.168.1.100 | 64.50.46.231 | TCP/32804 | 01 | 6,317 | 0.95 |
4 | 192.168.1.100 | 64.50.46.231 | TCP/32803 | 01 | 623 | 0.09 |

Top 50 protocols

No | Protocol | Connections | Bytes | % | Comment
1 | HTTP | 14 | 432,271 | 64.82 |
2 | FTP | 16 | 227,634 | 34.14 |
3 | TCP/32804 | 01 | 6,317 | 0.95 |
4 | TCP/32803 | 01 | 623 | 0.09 |



Firewall: 64.50.46.226 - Interfaces: LAN to WAN

Top 50 sources out of 52 unique sources

NoSourceBytes%Comment
1192.168.1.881,827,03714.67 
2192.168.1.6857,962,52510.39 
3192.168.1.23956,230,08310.08 
4192.168.1.17742,771,5427.672 denials recorded on 1/7/2008 5:25:20 AM
5192.168.1.9635,776,3136.4111 denials recorded on 1/6/2008 11:11:33 PM
6192.168.1.10033,459,9366.00 
7192.168.1.17533,209,1155.95 
8192.168.1.24426,465,6014.74 
9192.168.1.8223,020,5114.13 
10192.168.1.19414,595,2522.62 
11192.168.1.9812,647,5352.27 
12192.168.1.17111,978,9032.15 
13192.168.1.12011,148,8092.00 
14192.168.1.20010,382,4471.86 
15192.168.1.23710,204,3231.83 
16192.168.1.729,040,2201.62 
17192.168.1.928,414,3301.51 
18192.168.1.878,173,9671.47 
19192.168.1.907,486,3361.34 
20192.168.1.856,596,0181.18 
21192.168.1.736,559,6351.18 
22192.168.1.936,136,8141.10 
23192.168.1.954,859,0000.87 
24192.168.1.1034,715,7150.85 
25192.168.1.1024,657,1310.83 
26192.168.1.914,453,0270.80 
27192.168.1.864,445,9810.80 
28192.168.1.813,689,7820.66 
29192.168.1.703,020,7380.54 
30192.168.1.1062,956,4890.53 
31192.168.1.942,603,6750.47 
32192.168.1.1142,203,9240.403 denials recorded on 1/7/2008 9:56:48 AM
33192.168.1.202,017,3780.36 
34192.168.1.1091,235,6280.22 
35192.168.1.125767,9170.14 
36192.168.1.152646,2080.12 
37192.168.1.66303,1020.05 
38192.168.1.5192,7730.03 
39192.168.1.7161,8340.03 
40192.168.1.15161,1120.03 
41192.168.1.146132,3810.02 
42192.168.1.2106,1700.02 
43192.168.1.131102,0010.02 
44192.168.1.182101,4050.02 
45192.168.1.14894,0520.02 
46192.168.1.20887,5520.02 
47192.168.1.1217,0330.00 
48192.168.1.14,5410.00 
49192.168.1.1583,1780.00 
50192.168.1.1613990.00 



Top 50 destinations out of 3247 unique destinations

NoDestinationBytes%Comment
1209.183.217.141104,589,67018.75 
2206.65.171.16744,165,4727.92 
372.14.223.9126,833,9604.81 
4206.251.241.2720,913,0233.75 
566.232.107.17017,204,6733.08 
664.62.243.20814,896,3332.67 
7209.73.191.4613,504,6652.42 
866.179.20.17213,462,5802.41 
966.132.183.1112,014,3492.15 
1080.246.32.6411,398,9172.04 
11216.122.145.13810,259,0021.84 
1268.6.19.39,371,2291.68 
13210.161.32.2336,025,2111.08 
14210.161.32.2225,497,3590.99 
1572.18.130.1595,243,3270.94 
1624.54.92.125,023,5620.90 
1768.142.213.1355,004,7570.90 
18210.161.32.2324,441,8540.80 
1964.233.167.194,203,6460.75 
2064.233.179.933,273,2180.59 
2165.106.1.1963,095,9040.56 
2269.50.1.812,892,2760.52 
23216.178.34.342,857,7760.51 
24199.200.9.292,813,4840.50 
25207.178.138.1222,692,1720.48 
26209.160.66.1302,679,0150.48 
27137.201.240.832,640,9450.47 
28209.87.114.742,638,7380.47 
29171.161.162.1592,621,7860.47 
30212.250.3.422,567,8210.46 
3169.93.73.22,566,0770.46 
3268.168.75.812,312,2020.41 
3363.236.75.1892,232,4420.40 
34204.14.234.332,133,6320.38 
35128.59.48.242,114,5900.38 
36216.32.77.271,992,3110.36 
3764.62.243.1921,866,1010.33 
3868.6.19.11,801,7410.32 
3966.106.147.761,671,0640.30 
4066.77.163.931,572,9070.28 
41204.14.234.381,553,3280.28 
4264.18.5.101,539,9260.28 
43216.218.211.341,517,3470.27 
4485.235.130.401,511,7430.27 
4568.168.78.1041,493,7570.27 
4664.86.94.321,489,8770.27 
4767.28.113.741,460,6070.26 
4869.4.32.1361,450,7800.26 
4912.120.21.1101,423,2640.26 
5038.119.130.621,410,8580.25 




Top 50 sources, protocols and bytes

NoSourceProtocolConnectionsBytes%Comment
1192.168.1.68HTTP55055,675,1379.98 
2192.168.1.239HTTP51446,413,4108.32 
3192.168.1.8SMTP2,61741,478,7537.44 
4192.168.1.8HTTP1,13336,305,2146.51 
5192.168.1.177HTTP1,57934,096,3976.112 denials recorded on 1/7/2008 5:25:20 AM
6192.168.1.100HTTP80332,225,0885.78 
7192.168.1.175HTTP67531,529,7015.65 
8192.168.1.96TCP/3389 - ms rdp0321,743,5933.9011 denials recorded on 1/6/2008 11:11:33 PM
9192.168.1.82HTTP1,18817,822,3633.20 
10192.168.1.96HTTP42913,846,2752.48 
11192.168.1.244TCP/19350113,504,6652.42 
12192.168.1.98TCP/3389 - ms rdp0111,868,3702.13 
13192.168.1.244HTTP1,01011,778,7942.11 
14192.168.1.194TCP/3389 - ms rdp0211,519,7022.07 
15192.168.1.200HTTP1839,537,9821.71 
16192.168.1.237HTTP4699,294,7081.67 
17192.168.1.72HTTP799,040,2201.62 
18192.168.1.239TCP/3389 - ms rdp068,028,7831.44 
19192.168.1.92TCP/3389 - ms rdp028,018,8451.44 
20192.168.1.171TCP/3389 - ms rdp016,909,6041.24 
21192.168.1.87HTTP1836,682,6951.20 
22192.168.1.85HTTP1526,596,0181.18 
23192.168.1.177TCP/3389 - ms rdp065,572,2541.00 
24192.168.1.73TCP/3389 - ms rdp045,511,3560.99 
25192.168.1.93HTTP3345,441,1740.98 
26192.168.1.120HTTP1354,755,0290.85 
27192.168.1.103TCP/3389 - ms rdp024,707,0510.84 
28192.168.1.90TCP/3389 - ms rdp024,652,5290.83 
29192.168.1.102HTTP4254,651,5070.83 
30192.168.1.95HTTP3424,378,7930.78 
31192.168.1.171HTTP3713,742,3890.67 
32192.168.1.82TCP/3389 - ms rdp053,427,9380.61 
33192.168.1.86TCP/3389 - ms rdp033,247,7620.58 
34192.168.1.120TCP/443 - ssl-https593,189,1540.57 
35192.168.1.8DNS9013,168,0910.57 
36192.168.1.177TCP/443 - ssl-https493,102,8910.56 
37192.168.1.194HTTP1843,073,8580.55 
38192.168.1.91TCP/3389 - ms rdp062,911,6410.52 
39192.168.1.106HTTP1622,855,3380.51 
40192.168.1.70TCP/3389 - ms rdp052,732,8830.49 
41192.168.1.81HTTP782,612,8430.47 
42192.168.1.20HTTP1252,015,7290.36 
43192.168.1.82TCP/443 - ssl-https1191,770,2100.32 
44192.168.1.94HTTP1331,708,2140.31 
45192.168.1.87TCP/443 - ssl-https711,491,2720.27 
46192.168.1.171TCP/443 - ssl-https921,326,9100.24 
47192.168.1.114TCP/3389 - ms rdp041,289,1340.233 denials recorded on 1/7/2008 9:56:48 AM
48192.168.1.100TCP/443 - ssl-https221,234,8480.22 
49192.168.1.109TCP/3389 - ms rdp031,219,9160.22 
50192.168.1.90HTTP991,172,1080.21 

Top 50 sources, destinations, protocols and bytes

NoSourceDestinationProtocolConnectionsBytes%Comment
1192.168.1.239206.65.171.167HTTP33344,163,5887.92 
2192.168.1.6872.14.223.91HTTP0226,833,9604.81 
3192.168.1.96209.183.217.141TCP/3389 - ms rdp0321,743,5933.9011 denials recorded on 1/6/2008 11:11:33 PM
4192.168.1.864.62.243.208HTTP1914,896,3332.67 
5192.168.1.244209.73.191.46TCP/19350113,504,6652.42 
6192.168.1.10066.179.20.172HTTP1813,462,5802.41 
7192.168.1.6866.132.183.11HTTP1012,014,3492.15 
8192.168.1.98209.183.217.141TCP/3389 - ms rdp0111,868,3702.13 
9192.168.1.194209.183.217.141TCP/3389 - ms rdp0211,519,7022.07 
10192.168.1.17580.246.32.64HTTP0111,398,9172.042 denials recorded on 1/7/2008 5:25:20 AM
11192.168.1.68216.122.145.138HTTP9610,259,0021.84 
12192.168.1.868.6.19.3SMTP049,371,2291.68 
13192.168.1.7266.232.107.170HTTP048,622,6201.55 
14192.168.1.20066.232.107.170HTTP028,543,0511.53 
15192.168.1.239209.183.217.141TCP/3389 - ms rdp068,028,7831.44 
16192.168.1.92209.183.217.141TCP/3389 - ms rdp028,018,8451.44 
17192.168.1.100206.251.241.27HTTP397,036,9351.26 
18192.168.1.171209.183.217.141TCP/3389 - ms rdp016,909,6041.24 
19192.168.1.85206.251.241.27HTTP996,210,2691.11 
20192.168.1.8210.161.32.233HTTP106,025,2111.08 
21192.168.1.177209.183.217.141TCP/3389 - ms rdp065,572,2541.00 
22192.168.1.73209.183.217.141TCP/3389 - ms rdp045,511,3560.99 
23192.168.1.8210.161.32.222HTTP285,497,3590.99 
24192.168.1.17768.142.213.135HTTP125,004,7570.90 
25192.168.1.23772.18.130.159HTTP054,951,0340.89 
26192.168.1.103209.183.217.141TCP/3389 - ms rdp024,707,0510.84 
27192.168.1.90209.183.217.141TCP/3389 - ms rdp024,652,5290.83 
28192.168.1.8210.161.32.232HTTP034,432,4720.79 
29192.168.1.17724.54.92.12HTTP1994,253,9760.76 
30192.168.1.82209.183.217.141TCP/3389 - ms rdp053,427,9380.61 
31192.168.1.17564.233.179.93HTTP133,273,2180.59 
32192.168.1.86209.183.217.141TCP/3389 - ms rdp033,247,7620.58 
33192.168.1.8264.233.167.19HTTP153,154,6470.57 
34192.168.1.865.106.1.196DNS6603,095,7220.55 
35192.168.1.91209.183.217.141TCP/3389 - ms rdp062,911,6410.52 
36192.168.1.10069.50.1.81HTTP142,892,2760.52 
37192.168.1.177216.178.34.34HTTP022,857,7760.51 
38192.168.1.120199.200.9.29TCP/443 - ssl-https132,813,4840.50 
39192.168.1.70209.183.217.141TCP/3389 - ms rdp052,732,8830.49 
40192.168.1.175209.160.66.130HTTP022,679,0150.48 
41192.168.1.96137.201.240.83HTTP072,640,9450.47 
42192.168.1.8209.87.114.74SMTP932,638,7380.47 
43192.168.1.177171.161.162.159TCP/443 - ssl-https022,621,7860.47 
44192.168.1.120212.250.3.42HTTP062,567,8210.46 
45192.168.1.17769.93.73.2HTTP172,566,0770.46 
46192.168.1.87206.251.241.27HTTP982,242,5350.40 
47192.168.1.23763.236.75.189HTTP422,232,4420.40 
48192.168.1.68206.251.241.27HTTP952,231,1020.40 
49192.168.1.175128.59.48.24HTTP062,114,5900.38 
50192.168.1.100216.32.77.27HTTP1241,992,3110.36 

Top 50 protocols

NoProtocolConnectionsBytes%Comment
1HTTP11,791362,281,50364.95 
2TCP/3389 - ms rdp59104,589,67018.75 
3SMTP2,61741,478,7537.44 
4TCP/443 - ssl-https1,13719,473,3583.49 
5TCP/19350113,504,6652.42 
6DNS1,4633,395,9020.61 
7TCP/1148001836,1240.15 
8TCP/1132401616,4140.11 
9TCP/4510101562,5430.10 
10TCP/5512001557,1040.10 
11UNKN/241401536,2970.10 
12TCP/4845501458,1750.08 
13TCP/3309601316,0460.06 
14TCP/4272101315,0960.06 
15NETBIOS-NS234308,5290.06 
16TCP/3545201299,8350.05 
17TCP/407301278,6840.05 
18TCP/5771601274,8840.05 
19UDP/398251,502271,4930.05 
20TCP/222401254,7250.05 
21UDP/57716979253,8760.05 
22UDP/63153985241,6130.04 
23TCP/4083401238,6180.04 
24TCP/5378001216,2150.04 
25UDP/40731,132205,6860.04 
26POP3162166,4290.03 
27UDP/41402709162,1940.03 
28UDP/5544884156,4940.03 
29UDP/41114670152,9670.03 
30TCP/5087701143,9130.03 
31UDP/49085829140,4380.03 
32UDP/55120691128,6220.02 
33UDP/10111613126,0840.02 
34UDP/33096712126,0600.02 
35UDP/30388496121,0480.02 
36UDP/11324675120,6850.02 
37UDP/370 - nai-antivirus-securecast12110,4410.02 
38TCP/3038801110,1120.02 
39UDP/50877602103,9720.02 
40UDP/1148037298,1860.02 
41UDP/347924396,6270.02 
42UDP/139851388,8130.02 
43UDP/4083451086,2210.02 
44UDP/222431080,3700.01 
45UDP/103529480,3020.01 
46UDP/3915343880,3000.01 
47UDP/921032573,5350.01 
48UDP/4272139873,5260.01 
49UDP/6413038072,8840.01 
50UDP/5633826772,6860.01 



Top 50 protocol TCP/3389 - ms rdp: Sources, destinations, and traffic - Unique sources: 18, unique destinations: 1

NoSourceDestinationConnectionsBytesComment
1192.168.1.96209.183.217.1410321,743,59311 denials recorded on 1/6/2008 11:11:33 PM
2192.168.1.98209.183.217.1410111,868,370 
3192.168.1.194209.183.217.1410211,519,702 
4192.168.1.239209.183.217.141068,028,783 
5192.168.1.92209.183.217.141028,018,845 
6192.168.1.171209.183.217.141016,909,6042 denials recorded on 1/7/2008 5:25:20 AM
7192.168.1.177209.183.217.141065,572,254 
8192.168.1.73209.183.217.141045,511,356 
9192.168.1.103209.183.217.141024,707,051 
10192.168.1.90209.183.217.141024,652,529 
11192.168.1.82209.183.217.141053,427,938 
12192.168.1.86209.183.217.141033,247,762 
13192.168.1.91209.183.217.141062,911,641 
14192.168.1.70209.183.217.141052,732,883 
15192.168.1.114209.183.217.141041,289,1343 denials recorded on 1/7/2008 9:56:48 AM
16192.168.1.109209.183.217.141031,219,916 
17192.168.1.244209.183.217.141031,162,885 
18192.168.1.68209.183.217.1410165,424 

Top 50 denied sources

NoSourceConnectionsFirst denial%Comment
1192.168.1.426,9959/28/2006 3:13:04 PM97.17 
2192.168.1.351019/28/2006 8:51:18 PM01.40 
3192.168.1.38459/28/2006 4:08:41 PM00.63 
4192.168.1.40319/28/2006 3:30:21 PM00.43 
5192.168.1.41279/28/2006 3:19:38 PM00.38 

Top 50 destinations for denied connections

NoDestinationConnectionsFirst denial%Comment
164.62.243.1937089/28/2006 4:20:00 PM09.83 
264.86.142.1536789/28/2006 3:13:47 PM09.42 
364.86.142.1446779/28/2006 3:13:48 PM09.40 
464.62.243.2245949/28/2006 4:19:59 PM08.25 
5210.161.32.2163969/28/2006 6:16:13 PM05.50 
6210.161.32.2173969/28/2006 6:16:14 PM05.50 
764.62.243.2143729/28/2006 5:15:44 PM05.17 
84.79.37.142559/28/2006 5:55:47 PM03.54 
94.79.37.92559/28/2006 5:55:48 PM03.54 
10208.172.44.1902289/28/2006 4:40:03 PM03.17 
1165.57.86.622199/28/2006 3:13:06 PM03.04 
12204.2.208.631929/28/2006 5:15:56 PM02.67 
13204.2.208.711929/28/2006 5:15:57 PM02.67 
1461.213.191.2001779/28/2006 7:56:00 PM02.46 
1563.210.62.1901719/28/2006 4:41:36 PM02.38 
1667.72.0.941539/28/2006 3:13:04 PM02.13 
174.78.212.301179/28/2006 4:41:34 PM01.63 
18124.40.42.1101149/28/2006 11:36:15 PM01.58 
19124.40.42.1041149/28/2006 11:36:16 PM01.58 
2061.213.191.2011119/28/2006 7:56:01 PM01.54 
21124.40.42.15879/28/2006 8:16:19 PM01.21 
2269.8.204.254849/28/2006 4:40:04 PM01.17 
23204.70.151.94669/28/2006 10:16:55 PM00.92 
2461.213.191.206669/28/2006 10:56:40 PM00.92 
25124.40.42.24579/28/2006 8:16:18 PM00.79 
26208.172.44.62459/28/2006 9:16:04 PM00.63 
2767.72.4.94459/28/2006 9:36:06 PM00.63 
2863.236.48.222429/28/2006 3:13:05 PM00.58 
2967.29.170.61429/28/2006 8:56:06 PM00.58 
30124.40.42.41399/28/2006 8:17:00 PM00.54 
3164.86.94.17369/28/2006 3:15:24 PM00.50 
3264.86.94.33369/28/2006 3:15:25 PM00.50 
33204.2.208.54339/28/2006 9:17:10 PM00.46 
34204.2.208.70339/28/2006 9:17:11 PM00.46 
35204.2.128.147249/28/2006 6:15:50 PM00.33 
36207.68.173.76249/28/2006 9:06:17 PM00.33 
3763.236.111.222219/28/2006 9:56:08 PM00.29 
3864.152.2.62189/28/2006 8:56:05 PM00.25 
39192.43.244.18139/28/2006 3:19:38 PM00.18 
4066.77.163.99129/28/2006 5:15:34 PM00.17 
4166.77.163.83129/28/2006 5:15:35 PM00.17 
4263.236.6.201129/28/2006 7:15:43 PM00.17 
4363.236.6.203129/28/2006 7:15:44 PM00.17 
44207.68.183.35129/28/2006 8:51:18 PM00.17 
45124.40.42.46099/28/2006 8:17:22 PM00.13 
46207.46.18.30099/28/2006 8:51:19 PM00.13 
47207.46.225.60099/28/2006 9:06:19 PM00.13 
48208.111.145.9069/28/2006 4:08:43 PM00.08 
49208.111.145.10069/28/2006 4:08:44 PM00.08 
50208.111.145.12069/28/2006 4:08:45 PM00.08 

Top 50 denied protocols

NoDenied protocolConnectionsFirst denial%Comment
1TCP/80 - http7,1359/28/2006 3:13:04 PM99.11 
2UDP/123 - ntp649/28/2006 3:19:38 PM00.89 



Top 50 denial reasons

NoDenial reasonConnectionsFirst denial%Comment
1Web access request dropped7,1359/28/2006 3:13:04 PM99.11 
2UDP packet dropped649/28/2006 3:19:38 PM00.89 



Top 50 denied sources, destinations, protocols and reasons

NoSourceDestinationProtocolReasonConnectionsFirst denial%Comment
1192.168.1.4264.62.243.193TCP/80 - httpWeb access request dropped7089/28/2006 4:20:00 PM9.83 
2192.168.1.4264.86.142.153TCP/80 - httpWeb access request dropped6789/28/2006 3:13:47 PM9.42 
3192.168.1.4264.86.142.144TCP/80 - httpWeb access request dropped6779/28/2006 3:13:48 PM9.40 
4192.168.1.4264.62.243.224TCP/80 - httpWeb access request dropped5949/28/2006 4:19:59 PM8.25 
5192.168.1.42210.161.32.216TCP/80 - httpWeb access request dropped3969/28/2006 6:16:13 PM5.50 
6192.168.1.42210.161.32.217TCP/80 - httpWeb access request dropped3969/28/2006 6:16:14 PM5.50 
7192.168.1.4264.62.243.214TCP/80 - httpWeb access request dropped3729/28/2006 5:15:44 PM5.17 
8192.168.1.424.79.37.14TCP/80 - httpWeb access request dropped2559/28/2006 5:55:47 PM3.54 
9192.168.1.424.79.37.9TCP/80 - httpWeb access request dropped2559/28/2006 5:55:48 PM3.54 
10192.168.1.42208.172.44.190TCP/80 - httpWeb access request dropped2289/28/2006 4:40:03 PM3.17 
11192.168.1.4265.57.86.62TCP/80 - httpWeb access request dropped2199/28/2006 3:13:06 PM3.04 
12192.168.1.42204.2.208.63TCP/80 - httpWeb access request dropped1929/28/2006 5:15:56 PM2.67 
13192.168.1.42204.2.208.71TCP/80 - httpWeb access request dropped1929/28/2006 5:15:57 PM2.67 
14192.168.1.4261.213.191.200TCP/80 - httpWeb access request dropped1779/28/2006 7:56:00 PM2.46 
15192.168.1.4263.210.62.190TCP/80 - httpWeb access request dropped1719/28/2006 4:41:36 PM2.38 
16192.168.1.4267.72.0.94TCP/80 - httpWeb access request dropped1539/28/2006 3:13:04 PM2.13 
17192.168.1.424.78.212.30TCP/80 - httpWeb access request dropped1179/28/2006 4:41:34 PM1.63 
18192.168.1.42124.40.42.110TCP/80 - httpWeb access request dropped1149/28/2006 11:36:15 PM1.58 
19192.168.1.42124.40.42.104TCP/80 - httpWeb access request dropped1149/28/2006 11:36:16 PM1.58 
20192.168.1.4261.213.191.201TCP/80 - httpWeb access request dropped1119/28/2006 7:56:01 PM1.54 
21192.168.1.42124.40.42.15TCP/80 - httpWeb access request dropped879/28/2006 8:16:19 PM1.21 
22192.168.1.4269.8.204.254TCP/80 - httpWeb access request dropped849/28/2006 4:40:04 PM1.17 
23192.168.1.42204.70.151.94TCP/80 - httpWeb access request dropped669/28/2006 10:16:55 PM0.92 
24192.168.1.4261.213.191.206TCP/80 - httpWeb access request dropped669/28/2006 10:56:40 PM0.92 
25192.168.1.42124.40.42.24TCP/80 - httpWeb access request dropped579/28/2006 8:16:18 PM0.79 
26192.168.1.42208.172.44.62TCP/80 - httpWeb access request dropped459/28/2006 9:16:04 PM0.63 
27192.168.1.4267.72.4.94TCP/80 - httpWeb access request dropped459/28/2006 9:36:06 PM0.63 
28192.168.1.4263.236.48.222TCP/80 - httpWeb access request dropped429/28/2006 3:13:05 PM0.58 
29192.168.1.4267.29.170.61TCP/80 - httpWeb access request dropped429/28/2006 8:56:06 PM0.58 
30192.168.1.42124.40.42.41TCP/80 - httpWeb access request dropped399/28/2006 8:17:00 PM0.54 
31192.168.1.4264.86.94.17TCP/80 - httpWeb access request dropped369/28/2006 3:15:24 PM0.50 
32192.168.1.4264.86.94.33TCP/80 - httpWeb access request dropped369/28/2006 3:15:25 PM0.50 
33192.168.1.42204.2.208.54TCP/80 - httpWeb access request dropped339/28/2006 9:17:10 PM0.46 
34192.168.1.42204.2.208.70TCP/80 - httpWeb access request dropped339/28/2006 9:17:11 PM0.46 
35192.168.1.42204.2.128.147TCP/80 - httpWeb access request dropped249/28/2006 6:15:50 PM0.33 
36192.168.1.35207.68.173.76TCP/80 - httpWeb access request dropped249/28/2006 9:06:17 PM0.33 
37192.168.1.4263.236.111.222TCP/80 - httpWeb access request dropped219/28/2006 9:56:08 PM0.29 
38192.168.1.4264.152.2.62TCP/80 - httpWeb access request dropped189/28/2006 8:56:05 PM0.25 
39192.168.1.4266.77.163.99TCP/80 - httpWeb access request dropped129/28/2006 5:15:34 PM0.17 
40192.168.1.4266.77.163.83TCP/80 - httpWeb access request dropped129/28/2006 5:15:35 PM0.17 
41192.168.1.4263.236.6.201TCP/80 - httpWeb access request dropped129/28/2006 7:15:43 PM0.17 
42192.168.1.4263.236.6.203TCP/80 - httpWeb access request dropped129/28/2006 7:15:44 PM0.17 
43192.168.1.35207.68.183.35TCP/80 - httpWeb access request dropped129/28/2006 8:51:18 PM0.17 
44192.168.1.41192.43.244.18UDP/123 - ntpUDP packet dropped119/28/2006 3:19:38 PM0.15 
45192.168.1.42124.40.42.46TCP/80 - httpWeb access request dropped099/28/2006 8:17:22 PM0.13 
46192.168.1.35207.46.18.30TCP/80 - httpWeb access request dropped099/28/2006 8:51:19 PM0.13 
47192.168.1.35207.46.225.60TCP/80 - httpWeb access request dropped099/28/2006 9:06:19 PM0.13 
48192.168.1.38208.111.145.9TCP/80 - httpWeb access request dropped069/28/2006 4:08:43 PM0.08 
49192.168.1.38208.111.145.10TCP/80 - httpWeb access request dropped069/28/2006 4:08:44 PM0.08 
50192.168.1.38208.111.145.12TCP/80 - httpWeb access request dropped069/28/2006 4:08:45 PM0.08 

Top 50 denied protocols and reasons

NoProtocolReasonDenials%Comment
1TCP/80 - httpWeb access request dropped7,13599.11 
2UDP/123 - ntpUDP packet dropped640.89 

Firewall: 64.50.46.226 - Interfaces: WAN to DMZ

Top 50 sources out of 142 unique sources

NoSourceBytes%Comment
188.151.16.21104,567,53257.77 
280.36.104.20634,463,31519.04 
3125.163.23.922,642,70612.51 
4200.52.169.137,409,5754.09 
583.61.165.1196,292,9383.48 
6172.209.242.402,986,1741.65 
770.251.97.224797,5270.44 
872.134.38.184756,3000.42 
9213.170.46.30283,7370.16 
10221.208.208.9049,0980.03 
11221.208.208.9635,9280.02 
12202.97.238.13135,0000.02 
13202.97.238.20233,0000.02 
14221.208.208.8632,9340.02 
15202.97.238.20132,0000.02 
16221.208.208.9831,9360.02 
17202.97.238.19631,9360.02 
18221.208.208.8330,0000.02 
19221.208.208.9929,9400.02 
20202.97.238.13229,9400.02 
21218.247.185.16628,1220.02 
2260.11.125.5328,0000.02 
2361.167.36.327,9540.02 
24221.209.110.4727,2160.02 
25221.208.208.21226,9460.01 
26221.208.208.9225,9480.01 
27202.97.238.19524,0000.01 
2860.11.125.5423,0000.01 
29202.97.238.13422,9540.01 
30218.10.137.14022,0000.01 
3172.30.214.23017,1980.01 
3272.30.61.7917,1980.01 
33221.209.110.5015,9680.01 
3460.31.211.513,1260.01 
35202.97.238.13012,9740.01 
36204.16.209.597,3280.00 
3764.50.43.1885,6400.00 
38202.99.172.1632,7040.00 
3961.221.69.282,0690.00 
4066.249.66.1961,9410.00 
4165.78.248.2251,8960.00 
4265.115.99.261,8410.00 
43204.16.208.231,8360.00 
4424.206.190.1171,6360.00 
4524.124.5.631,6340.00 
46221.203.145.741,5040.00 
4781.116.80.1781,5000.00 
48194.8.33.11,4840.00 
49193.134.131.01,4840.00 
50193.46.220.1831,4840.00 



Destinations (1 unique)

NoDestinationBytes%Comment
164.50.46.231180,994,079100.00 


Top 50 sources, protocols and bytes

NoSourceProtocolConnectionsBytes%Comment
188.151.16.21HTTP01104,567,53257.77 
280.36.104.206HTTP0634,463,31519.04 
3125.163.23.9HTTP4422,642,70612.51 
4200.52.169.13HTTP097,409,5754.09 
583.61.165.119HTTP076,292,9383.48 
6172.209.242.40HTTP032,986,1741.65 
770.251.97.224HTTP05797,5270.44 
872.134.38.184HTTP03756,3000.42 
9213.170.46.30HTTP18283,7370.16 
10218.247.185.166TCP/22 - ssh0928,1220.02 
1161.167.36.3TCP/22 - ssh0927,9540.02 
12221.208.208.90UDP/1026 - blaster-worm2626,0520.01 
13202.97.238.131UDP/1026 - blaster-worm2424,0000.01 
14221.208.208.90UDP/1027 - blaster-worm2323,0460.01 
15202.97.238.201UDP/1026 - blaster-worm2323,0000.01 
16221.208.208.96UDP/1026 - blaster-worm2019,9600.01 
17202.97.238.132UDP/1026 - blaster-worm2019,9600.01 
18221.208.208.86UDP/1026 - blaster-worm1918,9620.01 
19202.97.238.202UDP/1026 - blaster-worm1818,0000.01 
20221.208.208.92UDP/1026 - blaster-worm1817,9640.01 
21202.97.238.196UDP/1027 - blaster-worm1817,9640.01 
2272.30.214.230HTTP0117,1980.01 
2372.30.61.79HTTP0117,1980.01 
24221.208.208.98UDP/1027 - blaster-worm1716,9660.01 
2560.11.125.54UDP/1027 - blaster-worm1616,0000.01 
26221.208.208.96UDP/1027 - blaster-worm1615,9680.01 
27221.208.208.99UDP/1026 - blaster-worm1615,9680.01 
28221.208.208.83UDP/1027 - blaster-worm1515,0000.01 
29221.208.208.83UDP/1026 - blaster-worm1515,0000.01 
30202.97.238.202UDP/1027 - blaster-worm1515,0000.01 
31221.208.208.98UDP/1026 - blaster-worm1514,9700.01 
32202.97.238.134UDP/1026 - blaster-worm1514,9700.01 
33221.209.110.47UDP/1026 - blaster-worm1414,1120.01 
3460.11.125.53UDP/1026 - blaster-worm1414,0000.01 
3560.11.125.53UDP/1027 - blaster-worm1414,0000.01 
36221.208.208.86UDP/1027 - blaster-worm1413,9720.01 
37202.97.238.196UDP/1026 - blaster-worm1413,9720.01 
38221.208.208.212UDP/1026 - blaster-worm1413,9720.01 
39221.208.208.99UDP/1027 - blaster-worm1413,9720.01 
4060.31.211.5TCP/22 - ssh0613,1260.01 
41221.209.110.47UDP/1027 - blaster-worm1313,1040.01 
42202.97.238.195UDP/1026 - blaster-worm1313,0000.01 
43221.208.208.212UDP/1027 - blaster-worm1312,9740.01 
44218.10.137.140UDP/1027 - blaster-worm1111,0000.01 
45218.10.137.140UDP/1026 - blaster-worm1111,0000.01 
46202.97.238.195UDP/1027 - blaster-worm1111,0000.01 
47202.97.238.131UDP/1027 - blaster-worm1111,0000.01 
48202.97.238.132UDP/1027 - blaster-worm109,9800.01 
49202.97.238.201UDP/1027 - blaster-worm099,0000.00 
50202.97.238.134UDP/1027 - blaster-worm087,9840.00 

Top 50 sources, destinations, protocols and bytes

NoSourceDestinationProtocolConnectionsBytes%Comment
188.151.16.2164.50.46.231HTTP01104,567,53257.77 
280.36.104.20664.50.46.231HTTP0634,463,31519.04 
3125.163.23.964.50.46.231HTTP4422,642,70612.51 
4200.52.169.1364.50.46.231HTTP097,409,5754.09 
583.61.165.11964.50.46.231HTTP076,292,9383.48 
6172.209.242.4064.50.46.231HTTP032,986,1741.65 
770.251.97.22464.50.46.231HTTP05797,5270.44 
872.134.38.18464.50.46.231HTTP03756,3000.42 
9213.170.46.3064.50.46.231HTTP18283,7370.16 
10218.247.185.16664.50.46.231TCP/22 - ssh0928,1220.02 
1161.167.36.364.50.46.231TCP/22 - ssh0927,9540.02 
12221.208.208.9064.50.46.231UDP/1026 - blaster-worm2626,0520.01 
13202.97.238.13164.50.46.231UDP/1026 - blaster-worm2424,0000.01 
14221.208.208.9064.50.46.231UDP/1027 - blaster-worm2323,0460.01 
15202.97.238.20164.50.46.231UDP/1026 - blaster-worm2323,0000.01 
16221.208.208.9664.50.46.231UDP/1026 - blaster-worm2019,9600.01 
17202.97.238.13264.50.46.231UDP/1026 - blaster-worm2019,9600.01 
18221.208.208.8664.50.46.231UDP/1026 - blaster-worm1918,9620.01 
19202.97.238.20264.50.46.231UDP/1026 - blaster-worm1818,0000.01 
20221.208.208.9264.50.46.231UDP/1026 - blaster-worm1817,9640.01 
21202.97.238.19664.50.46.231UDP/1027 - blaster-worm1817,9640.01 
2272.30.214.23064.50.46.231HTTP0117,1980.01 
2372.30.61.7964.50.46.231HTTP0117,1980.01 
24221.208.208.9864.50.46.231UDP/1027 - blaster-worm1716,9660.01 
2560.11.125.5464.50.46.231UDP/1027 - blaster-worm1616,0000.01 
26221.208.208.9664.50.46.231UDP/1027 - blaster-worm1615,9680.01 
27221.208.208.9964.50.46.231UDP/1026 - blaster-worm1615,9680.01 
28221.208.208.8364.50.46.231UDP/1027 - blaster-worm1515,0000.01 
29221.208.208.8364.50.46.231UDP/1026 - blaster-worm1515,0000.01 
30202.97.238.20264.50.46.231UDP/1027 - blaster-worm1515,0000.01 
31221.208.208.9864.50.46.231UDP/1026 - blaster-worm1514,9700.01 
32202.97.238.13464.50.46.231UDP/1026 - blaster-worm1514,9700.01 
33221.209.110.4764.50.46.231UDP/1026 - blaster-worm1414,1120.01 
3460.11.125.5364.50.46.231UDP/1026 - blaster-worm1414,0000.01 
3560.11.125.5364.50.46.231UDP/1027 - blaster-worm1414,0000.01 
36221.208.208.8664.50.46.231UDP/1027 - blaster-worm1413,9720.01 
37202.97.238.19664.50.46.231UDP/1026 - blaster-worm1413,9720.01 
38221.208.208.21264.50.46.231UDP/1026 - blaster-worm1413,9720.01 
39221.208.208.9964.50.46.231UDP/1027 - blaster-worm1413,9720.01 
4060.31.211.564.50.46.231TCP/22 - ssh0613,1260.01 
41221.209.110.4764.50.46.231UDP/1027 - blaster-worm1313,1040.01 
42202.97.238.19564.50.46.231UDP/1026 - blaster-worm1313,0000.01 
43221.208.208.21264.50.46.231UDP/1027 - blaster-worm1312,9740.01 
44218.10.137.14064.50.46.231UDP/1027 - blaster-worm1111,0000.01 
45218.10.137.14064.50.46.231UDP/1026 - blaster-worm1111,0000.01 
46202.97.238.19564.50.46.231UDP/1027 - blaster-worm1111,0000.01 
47202.97.238.13164.50.46.231UDP/1027 - blaster-worm1111,0000.01 
48202.97.238.13264.50.46.231UDP/1027 - blaster-worm109,9800.01 
49202.97.238.20164.50.46.231UDP/1027 - blaster-worm099,0000.00 
50202.97.238.13464.50.46.231UDP/1027 - blaster-worm087,9840.00 

Top 50 protocols

NoProtocolConnectionsBytes%Comment
1HTTP110180,243,51799.59 
2UDP/1026 - blaster-worm363372,5480.21 
3UDP/1027 - blaster-worm275274,8200.15 
4TCP/22 - ssh2469,2020.04 
5TCP/445 - netbios358,8360.00 
6UDP/1434 - ms sql monitor075,8520.00 
7FTP055,2060.00 
8TCP/135 - ms rpc143,2280.00 
9UDP/2011,5040.00 
10NETBIOS-SSN061,4060.00 
11ICMP/8 - ping081,3920.00 
12TCP/5900 - vnc051,2200.00 
13NETBIOS-NS061,1040.00 
14TCP/4899 - radmin051,0340.00 
15TCP/1433 - ms sql069320.00 
16SMTP048580.00 
17TCP/1080 - socks proxy054700.00 
18TCP/6101012940.00 
19TCP/3389 - ms rdp012820.00 
20TCP/3306 - mysql012820.00 
21TCP/721201920.00 



Top 50 protocol TCP/3389 - ms rdp: Sources, destinations, and traffic - Unique sources: 1, unique destinations: 1

NoSourceDestinationConnectionsBytesComment
1202.57.134.17064.50.46.23101282 

Firewall: 64.50.46.226 - Interfaces: WAN to LAN

Top 50 sources out of 3913 unique sources

NoSourceBytes%Comment
165.83.225.18140,240,63832.10 
224.152.170.21613,736,70210.96 
324.152.169.17810,422,3018.31 
461.144.170.1671,971,2421.57 
568.111.187.151,495,3311.19 
6209.86.89.671,483,2521.18 
7206.251.253.151,176,8750.94 
8203.84.221.131,101,5200.88 
9216.230.115.261,066,6610.85 
10209.232.178.138733,9090.59 
1175.215.197.44666,9210.53 
1212.154.135.15642,1370.51 
13213.170.46.15588,8770.47 
1471.192.180.111559,6760.45 
15209.132.1.202492,0040.39 
1667.175.244.154472,2540.38 
17203.251.126.41405,5450.32 
18216.76.45.66404,5040.32 
19207.46.163.16397,7870.32 
20206.16.192.249355,7910.28 
21205.166.61.207336,2940.27 
22207.188.226.76323,5340.26 
23216.92.127.19318,0750.25 
2475.33.12.108301,6810.24 
2572.70.68.93291,5300.23 
26198.31.62.21291,4330.23 
2765.122.53.10244,2180.19 
28216.24.225.10243,2120.19 
29205.178.146.57237,8160.19 
30206.117.58.161233,5320.19 
3112.9.139.194226,5700.18 
32208.30.46.1189,9820.15 
3387.227.202.60183,4360.15 
3464.113.160.189179,3450.14 
3572.232.89.147173,2450.14 
36204.221.76.200171,6420.14 
3782.140.81.179163,9010.13 
38216.148.62.24145,6280.12 
3975.213.126.213145,2700.12 
40203.86.7.160141,8630.11 
41206.251.241.5139,1520.11 
4267.67.82.142138,8310.11 
43216.102.26.130137,0020.11 
44196.218.120.111132,2910.11 
45208.30.129.67123,9650.10 
4664.158.128.147121,0930.10 
47205.203.131.15108,3830.09 
4866.75.162.135107,9300.09 
49204.221.76.199107,2300.09 
50205.162.40.137101,7790.08 



Destinations (3 unique)

NoDestinationBytes%Comment
1192.168.1.8124,901,16799.63 
264.50.46.226467,0590.37 
3192.168.1.122,5350.00 




Top 50 sources, protocols and bytes

NoSourceProtocolConnectionsBytes%Comment
165.83.225.181SMTP0340,240,63832.10 
224.152.170.216TCP/41250213,160,16410.50 
324.152.169.178TCP/443 - ssl-https10510,420,0118.31 
461.144.170.167SMTP011,971,2421.57 
5209.86.89.67SMTP011,483,2521.18 
668.111.187.15TCP/4125011,307,2021.04 
7206.251.253.15SMTP1801,176,8750.94 
8203.84.221.13SMTP011,101,5200.88 
9216.230.115.26SMTP061,066,6610.85 
10209.232.178.138SMTP01733,9090.59 
1175.215.197.44TCP/443 - ssl-https64666,9210.53 
1212.154.135.15SMTP03642,1370.51 
13213.170.46.15SMTP03588,8770.47 
1424.152.170.216TCP/443 - ssl-https10574,7920.46 
1571.192.180.111SMTP19559,6760.45 
16209.132.1.202SMTP01492,0040.39 
1767.175.244.154SMTP13472,2540.38 
18203.251.126.41SMTP27405,5450.32 
19216.76.45.66SMTP02404,5040.32 
20207.46.163.16SMTP04397,7870.32 
21206.16.192.249SMTP01355,7910.28 
22205.166.61.207SMTP03336,2940.27 
23207.188.226.76SMTP13323,5340.26 
24216.92.127.19SMTP07318,0750.25 
2575.33.12.108TCP/443 - ssl-https11301,2970.24 
2672.70.68.93SMTP20291,5300.23 
27198.31.62.21SMTP15291,4330.23 
2865.122.53.10SMTP02244,2180.19 
29216.24.225.10SMTP03243,2120.19 
30205.178.146.57SMTP02237,8160.19 
31206.117.58.161SMTP02233,5320.19 
3212.9.139.194SMTP07226,5700.18 
33208.30.46.1SMTP04189,9820.15 
3468.111.187.15TCP/443 - ssl-https06188,1290.15 
3587.227.202.60SMTP32183,4360.15 
3664.113.160.189SMTP04179,3450.14 
3772.232.89.147SMTP04173,2450.14 
38204.221.76.200SMTP03171,6420.14 
3982.140.81.179SMTP11163,9010.13 
40216.148.62.24SMTP01145,6280.12 
4175.213.126.213TCP/443 - ssl-https12145,2700.12 
42203.86.7.160SMTP12141,8630.11 
43206.251.241.5SMTP04139,1520.11 
4467.67.82.142SMTP10138,8310.11 
45216.102.26.130SMTP04137,0020.11 
46196.218.120.111SMTP07132,2910.11 
47208.30.129.67SMTP11123,9650.10 
4864.158.128.147SMTP01120,9730.10 
49205.203.131.15SMTP05108,3830.09 
5066.75.162.135SMTP01107,9300.09 

Top 50 sources, destinations, protocols and bytes

NoSourceDestinationProtocolConnectionsBytes%Comment
165.83.225.181192.168.1.8SMTP0340,240,63832.10 
224.152.170.216192.168.1.8TCP/41250213,160,16410.50 
324.152.169.178192.168.1.8TCP/443 - ssl-https10510,420,0118.31 
461.144.170.167192.168.1.8SMTP011,971,2421.57 
5209.86.89.67192.168.1.8SMTP011,483,2521.18 
668.111.187.15192.168.1.8TCP/4125011,307,2021.04 
7206.251.253.15192.168.1.8SMTP1801,176,8750.94 
8203.84.221.13192.168.1.8SMTP011,101,5200.88 
9216.230.115.26192.168.1.8SMTP061,066,6610.85 
10209.232.178.138192.168.1.8SMTP01733,9090.59 
1175.215.197.44192.168.1.8TCP/443 - ssl-https64666,9210.53 
1212.154.135.15192.168.1.8SMTP03642,1370.51 
13213.170.46.15192.168.1.8SMTP03588,8770.47 
1424.152.170.216192.168.1.8TCP/443 - ssl-https10574,7920.46 
1571.192.180.111192.168.1.8SMTP19559,6760.45 
16209.132.1.202192.168.1.8SMTP01492,0040.39 
1767.175.244.154192.168.1.8SMTP13472,2540.38 
18203.251.126.41192.168.1.8SMTP27405,5450.32 
19216.76.45.66192.168.1.8SMTP02404,5040.32 
20207.46.163.16192.168.1.8SMTP04397,7870.32 
21206.16.192.249192.168.1.8SMTP01355,7910.28 
22205.166.61.207192.168.1.8SMTP03336,2940.27 
23207.188.226.76192.168.1.8SMTP13323,5340.26 
24216.92.127.19192.168.1.8SMTP07318,0750.25 
2575.33.12.108192.168.1.8TCP/443 - ssl-https11301,2970.24 
2672.70.68.93192.168.1.8SMTP20291,5300.23 
27198.31.62.21192.168.1.8SMTP15291,4330.23 
2865.122.53.10192.168.1.8SMTP02244,2180.19 
29216.24.225.10192.168.1.8SMTP03243,2120.19 
30205.178.146.57192.168.1.8SMTP02237,8160.19 
31206.117.58.161192.168.1.8SMTP02233,5320.19 
3212.9.139.194192.168.1.8SMTP07226,5700.18 
33208.30.46.1192.168.1.8SMTP04189,9820.15 
3468.111.187.15192.168.1.8TCP/443 - ssl-https06188,1290.15 
3587.227.202.60192.168.1.8SMTP32183,4360.15 
3664.113.160.189192.168.1.8SMTP04179,3450.14 
3772.232.89.147192.168.1.8SMTP04173,2450.14 
38204.221.76.200192.168.1.8SMTP03171,6420.14 
3982.140.81.179192.168.1.8SMTP11163,9010.13 
40216.148.62.24192.168.1.8SMTP01145,6280.12 
4175.213.126.213192.168.1.8TCP/443 - ssl-https12145,2700.12 
42203.86.7.160192.168.1.8SMTP12141,8630.11 
43206.251.241.5192.168.1.8SMTP04139,1520.11 
4467.67.82.142192.168.1.8SMTP10138,8310.11 
45216.102.26.130192.168.1.8SMTP04137,0020.11 
46196.218.120.111192.168.1.8SMTP07132,2910.11 
47208.30.129.67192.168.1.8SMTP11123,9650.10 
4864.158.128.147192.168.1.8SMTP01120,9730.10 
49205.203.131.15192.168.1.8SMTP05108,3830.09 
5066.75.162.135192.168.1.8SMTP01107,9300.09 

Top 50 protocols

NoProtocolConnectionsBytes%Comment
1SMTP4,55798,006,10378.17 
2TCP/41250314,467,36611.54 
3TCP/443 - ssl-https21712,425,2209.91 
4UDP/1026 - blaster-worm376191,6370.15 
5UDP/1027 - blaster-worm263128,3270.10 
6TCP/113 - ident1,01881,3280.06 
7ICMP/3 - unreach46829,0380.02 
8UDP/1434 - ms sql monitor104,0400.00 
9ICMP/8 - ping393,5160.00 
10TCP/445 - netbios322,9280.00 
11HTTP052,5350.00 
12TCP/62903322,4480.00 
13PPTP012,2900.00 
14TCP/65271241,7640.00 
15TCP/36685251,7400.00 
16UDP/52896011,5930.00 
17TCP/40740201,4520.00 
18TCP/40899201,4400.00 
19TCP/6434141,0080.00 
20UDP/4081019280.00 
21UDP/1030019280.00 
22TCP/22443128640.00 
23TCP/135 - ms rpc118640.00 
24UDP/33436038280.00 
25TCP/24899107560.00 
26NETBIOS-SSN097480.00 
27UDP/33437037360.00 
28TCP/33619107200.00 
29UDP/36685125690.00 
30UDP/65271125670.00 
31UDP/62903125650.00 
32UDP/40740115200.00 
33UDP/40899104760.00 
34TCP/1433 - ms sql074720.00 
35NETBIOS-NS064680.00 
36TCP/4899 - radmin064320.00 
37TCP/5900 - vnc054300.00 
38TCP/444063840.00 
39UDP/6434073310.00 
40UDP/33619062840.00 
41UDP/22443062830.00 
42UDP/33435012760.00 
43UDP/24899052380.00 
44FTP032160.00 
45TCP/3389 - ms rdp011880.00 
46TCP/1080 - socks proxy031440.00 
47TCP/39099021440.00 
48UDP/41872011380.00 
49TCP/22 - ssh011200.00 
50TCP/6101011040.00 



Top 50 protocol TCP/3389 - ms rdp: Sources, destinations, and traffic - Unique sources: 1, unique destinations: 1

No | Source | Destination | Connections | Bytes | Comment
1 | 202.57.134.170 | 192.168.1.8 | 01 | 188 |

Firewall: 64.50.46.226 - Interfaces: LAN to LAN

Top 50 denied sources

NoSourceConnectionsFirst denial%Comment
1192.168.1.66329/28/2006 4:46:23 PM58.85 
2192.168.1.81449/28/2006 7:33:49 AM13.41 
30.0.0.0519/28/2006 10:09:10 AM04.75 
4192.168.1.175129/28/2006 10:09:46 AM01.122 denials recorded on 1/7/2008 5:25:20 AM
5192.168.1.102109/28/2006 9:23:59 AM00.93 
6192.168.1.120089/28/2006 7:30:22 AM00.74 
7192.168.1.239089/28/2006 7:41:35 AM00.74 
8192.168.1.103089/28/2006 8:20:35 AM00.74 
9192.168.1.90089/28/2006 8:20:41 AM00.74 
10192.168.1.100089/28/2006 9:41:27 AM00.74 
11192.168.1.152089/28/2006 1:33:53 PM00.74 
12192.168.1.68089/28/2006 2:15:28 PM00.74 
13192.168.1.244079/28/2006 3:31:42 PM00.65 
14192.168.1.182069/28/2006 8:28:22 AM00.56 
15192.168.1.87069/28/2006 8:48:05 AM00.56 
16192.168.1.85069/28/2006 9:06:55 AM00.56 
17192.168.1.107069/28/2006 9:24:10 AM00.56 
18192.168.1.91069/28/2006 9:31:46 AM00.56 
19192.168.1.200069/28/2006 12:56:07 PM00.56 
20192.168.1.73069/28/2006 1:33:51 PM00.56 
21192.168.1.86069/28/2006 2:29:14 PM00.56 
22192.168.1.171069/28/2006 2:37:53 PM00.56 
23192.168.1.92069/28/2006 2:57:29 PM00.56 
24192.168.1.177069/28/2006 3:10:35 PM00.56 
25192.168.1.94069/28/2006 3:12:54 PM00.56 
26192.168.1.96069/28/2006 3:28:34 PM00.5611 denials recorded on 1/6/2008 11:11:33 PM
27192.168.1.82069/28/2006 3:30:16 PM00.56 
28192.168.1.146069/28/2006 3:33:22 PM00.56 
29192.168.1.98069/28/2006 3:42:16 PM00.56 
30192.168.1.114069/28/2006 3:43:58 PM00.563 denials recorded on 1/7/2008 9:56:48 AM
31192.168.1.95069/28/2006 3:47:42 PM00.56 
32192.168.1.125069/28/2006 4:21:22 PM00.56 
33192.168.1.194069/28/2006 7:13:19 PM00.56 
34192.168.1.93049/28/2006 11:54:56 AM00.37 
35192.168.1.106049/28/2006 4:04:58 PM00.37 
36192.168.1.131049/28/2006 4:05:04 PM00.37 
37192.168.1.158049/28/2006 5:15:19 PM00.37 
38192.168.1.109049/28/2006 7:12:01 PM00.37 
39192.168.1.72049/28/2006 7:15:26 PM00.37 
40192.168.1.121049/28/2006 8:49:26 PM00.37 
41192.168.1.208029/28/2006 12:23:36 PM00.19 
42192.168.1.161029/28/2006 2:47:14 PM00.19 
43192.168.1.70029/28/2006 3:10:23 PM00.19 
44192.168.1.167029/28/2006 4:15:06 PM00.19 
45192.168.1.148029/28/2006 4:41:35 PM00.19 
46192.168.1.151029/28/2006 6:29:45 PM00.19 
47192.168.1.81029/28/2006 10:20:31 PM00.19 

Top 50 destinations for denied connections

No | Destination | Connections | First denial | % | Comment
1 | 192.168.1.1 | 684 | 9/28/2006 10:09:46 AM | 63.69 |
2 | Broadcast | 390 | 9/28/2006 7:30:22 AM | 36.31 |

Top 50 denied protocols

No | Denied protocol | Connections | First denial | % | Comment
1 | UDP/137 - netbios | 632 | 9/28/2006 4:46:23 PM | 58.85 |
2 | UDP/67 - dhcp | 390 | 9/28/2006 7:30:22 AM | 36.31 |
3 | ICMP/1027 | 27 | 9/28/2006 9:00:01 PM | 02.51 |
4 | ICMP/1028 | 21 | 9/28/2006 9:00:01 PM | 01.96 |
5 | ICMP/7 | 04 | 9/28/2006 10:09:46 AM | 00.37 |



Top 50 denial reasons

No | Denial reason | Connections | First denial | % | Comment
1 | Denied UDP packet from LAN | 1,022 | 9/28/2006 7:30:22 AM | 95.16 |
2 | Denied TCP connection from LAN | 52 | 9/28/2006 10:09:46 AM | 04.84 |



Top 50 denied sources, destinations, protocols and reasons

NoSourceDestinationProtocolReasonConnectionsFirst denial%Comment
1192.168.1.6192.168.1.1UDP/137 - netbiosDenied UDP packet from LAN6329/28/2006 4:46:23 PM58.85 
2192.168.1.8BroadcastUDP/67 - dhcpDenied UDP packet from LAN969/28/2006 7:33:49 AM8.94 
30.0.0.0BroadcastUDP/67 - dhcpDenied UDP packet from LAN519/28/2006 10:09:10 AM4.75 
4192.168.1.8192.168.1.1ICMP/1027Denied TCP connection from LAN279/28/2006 9:00:01 PM2.51 
5192.168.1.8192.168.1.1ICMP/1028Denied TCP connection from LAN219/28/2006 9:00:01 PM1.96 
6192.168.1.102BroadcastUDP/67 - dhcpDenied UDP packet from LAN109/28/2006 9:23:59 AM0.93 
7192.168.1.120BroadcastUDP/67 - dhcpDenied UDP packet from LAN089/28/2006 7:30:22 AM0.74 
8192.168.1.239BroadcastUDP/67 - dhcpDenied UDP packet from LAN089/28/2006 7:41:35 AM0.74 
9192.168.1.103BroadcastUDP/67 - dhcpDenied UDP packet from LAN089/28/2006 8:20:35 AM0.74 
10192.168.1.90BroadcastUDP/67 - dhcpDenied UDP packet from LAN089/28/2006 8:20:41 AM0.74 
11192.168.1.100BroadcastUDP/67 - dhcpDenied UDP packet from LAN089/28/2006 9:41:27 AM0.74 
12192.168.1.175BroadcastUDP/67 - dhcpDenied UDP packet from LAN089/28/2006 10:10:12 AM0.742 denials recorded on 1/7/2008 5:25:20 AM
13192.168.1.152BroadcastUDP/67 - dhcpDenied UDP packet from LAN089/28/2006 1:33:53 PM0.74 
14192.168.1.68BroadcastUDP/67 - dhcpDenied UDP packet from LAN089/28/2006 2:15:28 PM0.74 
15192.168.1.244BroadcastUDP/67 - dhcpDenied UDP packet from LAN079/28/2006 3:31:42 PM0.65 
16192.168.1.182BroadcastUDP/67 - dhcpDenied UDP packet from LAN069/28/2006 8:28:22 AM0.56 
17192.168.1.87BroadcastUDP/67 - dhcpDenied UDP packet from LAN069/28/2006 8:48:05 AM0.56 
18192.168.1.85BroadcastUDP/67 - dhcpDenied UDP packet from LAN069/28/2006 9:06:55 AM0.56 
19192.168.1.107BroadcastUDP/67 - dhcpDenied UDP packet from LAN069/28/2006 9:24:10 AM0.56 
20192.168.1.91BroadcastUDP/67 - dhcpDenied UDP packet from LAN069/28/2006 9:31:46 AM0.56 
21192.168.1.200BroadcastUDP/67 - dhcpDenied UDP packet from LAN069/28/2006 12:56:07 PM0.56 
22192.168.1.73BroadcastUDP/67 - dhcpDenied UDP packet from LAN069/28/2006 1:33:51 PM0.56 
23192.168.1.86BroadcastUDP/67 - dhcpDenied UDP packet from LAN069/28/2006 2:29:14 PM0.56 
24192.168.1.171BroadcastUDP/67 - dhcpDenied UDP packet from LAN069/28/2006 2:37:53 PM0.56 
25192.168.1.92BroadcastUDP/67 - dhcpDenied UDP packet from LAN069/28/2006 2:57:29 PM0.56 
26192.168.1.177BroadcastUDP/67 - dhcpDenied UDP packet from LAN069/28/2006 3:10:35 PM0.56 
27192.168.1.94BroadcastUDP/67 - dhcpDenied UDP packet from LAN069/28/2006 3:12:54 PM0.56 
28192.168.1.96BroadcastUDP/67 - dhcpDenied UDP packet from LAN069/28/2006 3:28:34 PM0.5611 denials recorded on 1/6/2008 11:11:33 PM
29192.168.1.82BroadcastUDP/67 - dhcpDenied UDP packet from LAN069/28/2006 3:30:16 PM0.56 
30192.168.1.146BroadcastUDP/67 - dhcpDenied UDP packet from LAN069/28/2006 3:33:22 PM0.56 
31192.168.1.98BroadcastUDP/67 - dhcpDenied UDP packet from LAN069/28/2006 3:42:16 PM0.56 
32192.168.1.114BroadcastUDP/67 - dhcpDenied UDP packet from LAN069/28/2006 3:43:58 PM0.563 denials recorded on 1/7/2008 9:56:48 AM
33192.168.1.95BroadcastUDP/67 - dhcpDenied UDP packet from LAN069/28/2006 3:47:42 PM0.56 
34192.168.1.125BroadcastUDP/67 - dhcpDenied UDP packet from LAN069/28/2006 4:21:22 PM0.56 
35192.168.1.194BroadcastUDP/67 - dhcpDenied UDP packet from LAN069/28/2006 7:13:19 PM0.56 
36192.168.1.175192.168.1.1ICMP/7Denied TCP connection from LAN049/28/2006 10:09:46 AM0.37 
37192.168.1.93BroadcastUDP/67 - dhcpDenied UDP packet from LAN049/28/2006 11:54:56 AM0.37 
38192.168.1.106BroadcastUDP/67 - dhcpDenied UDP packet from LAN049/28/2006 4:04:58 PM0.37 
39192.168.1.131BroadcastUDP/67 - dhcpDenied UDP packet from LAN049/28/2006 4:05:04 PM0.37 
40192.168.1.158BroadcastUDP/67 - dhcpDenied UDP packet from LAN049/28/2006 5:15:19 PM0.37 
41192.168.1.109BroadcastUDP/67 - dhcpDenied UDP packet from LAN049/28/2006 7:12:01 PM0.37 
42192.168.1.72BroadcastUDP/67 - dhcpDenied UDP packet from LAN049/28/2006 7:15:26 PM0.37 
43192.168.1.121BroadcastUDP/67 - dhcpDenied UDP packet from LAN049/28/2006 8:49:26 PM0.37 
44192.168.1.208BroadcastUDP/67 - dhcpDenied UDP packet from LAN029/28/2006 12:23:36 PM0.19 
45192.168.1.161BroadcastUDP/67 - dhcpDenied UDP packet from LAN029/28/2006 2:47:14 PM0.19 
46192.168.1.70BroadcastUDP/67 - dhcpDenied UDP packet from LAN029/28/2006 3:10:23 PM0.19 
47192.168.1.167BroadcastUDP/67 - dhcpDenied UDP packet from LAN029/28/2006 4:15:06 PM0.19 
48192.168.1.148BroadcastUDP/67 - dhcpDenied UDP packet from LAN029/28/2006 4:41:35 PM0.19 
49192.168.1.151BroadcastUDP/67 - dhcpDenied UDP packet from LAN029/28/2006 6:29:45 PM0.19 
50192.168.1.81BroadcastUDP/67 - dhcpDenied UDP packet from LAN029/28/2006 10:20:31 PM0.19 

Top 50 denied protocols and reasons

No | Protocol | Reason | Denials | % | Comment
1 | UDP/137 - netbios | Denied UDP packet from LAN | 632 | 58.85 |
2 | UDP/67 - dhcp | Denied UDP packet from LAN | 390 | 36.31 |
3 | ICMP/1027 | Denied TCP connection from LAN | 27 | 2.51 |
4 | ICMP/1028 | Denied TCP connection from LAN | 21 | 1.96 |
5 | ICMP/7 | Denied TCP connection from LAN | 04 | 0.37 |

Firewall: 64.50.46.226 - Interfaces: WAN to WAN

Top 50 denied sources

NoSourceConnectionsFirst denial%Comment
164.50.204.27069/28/2006 8:10:00 AM25.00 
264.50.126.93069/28/2006 3:21:10 PM25.00 
3212.19.106.221029/28/2006 1:31:14 PM08.33 
464.48.234.133029/29/2006 3:54:32 AM08.33 
564.48.234.87029/29/2006 6:59:46 AM08.33 
658.140.18.180019/28/2006 12:18:20 PM04.17 
766.59.22.237019/28/2006 5:59:43 PM04.17 
872.19.193.117019/28/2006 5:59:55 PM04.17 
924.31.69.117019/29/2006 1:17:06 AM04.17 
1068.63.214.65019/29/2006 2:45:18 AM04.17 
11200.73.82.145019/29/2006 3:18:44 AM04.17 

Top 50 destinations for denied connections

No | Destination | Connections | First denial | % | Comment
1 | 64.50.46.224 | 09 | 9/28/2006 8:10:00 AM | 37.50 |
2 | 64.50.46.239 | 09 | 9/28/2006 8:10:00 AM | 37.50 |
3 | 64.50.46.226 | 06 | 9/28/2006 12:18:20 PM | 25.00 |

Top 50 denied protocols

No | Denied protocol | Connections | First denial | % | Comment
1 | ICMP/8 - ping | 18 | 9/28/2006 8:10:00 AM | 75.00 |
2 | ICMP/3 - unreach | 06 | 9/28/2006 12:18:20 PM | 25.00 |



Top 50 denial reasons

No | Denial reason | Connections | First denial | % | Comment
1 | Smurf Amplification Attack Dropped | 18 | 9/28/2006 8:10:00 AM | 75.00 |
2 | ICMP packet dropped | 06 | 9/28/2006 12:18:20 PM | 25.00 |



Top 50 denied sources, destinations, protocols and reasons

NoSourceDestinationProtocolReasonConnectionsFirst denial%Comment
164.50.204.2764.50.46.224ICMP/8 - pingSmurf Amplification Attack Dropped039/28/2006 8:10:00 AM12.50 
264.50.204.2764.50.46.239ICMP/8 - pingSmurf Amplification Attack Dropped039/28/2006 8:10:00 AM12.50 
364.50.126.9364.50.46.224ICMP/8 - pingSmurf Amplification Attack Dropped039/28/2006 3:21:10 PM12.50 
464.50.126.9364.50.46.239ICMP/8 - pingSmurf Amplification Attack Dropped039/28/2006 3:21:10 PM12.50 
558.140.18.18064.50.46.226ICMP/3 - unreachICMP packet dropped019/28/2006 12:18:20 PM4.17 
6212.19.106.22164.50.46.224ICMP/8 - pingSmurf Amplification Attack Dropped019/28/2006 1:31:14 PM4.17 
7212.19.106.22164.50.46.239ICMP/8 - pingSmurf Amplification Attack Dropped019/28/2006 1:31:15 PM4.17 
866.59.22.23764.50.46.226ICMP/3 - unreachICMP packet dropped019/28/2006 5:59:43 PM4.17 
972.19.193.11764.50.46.226ICMP/3 - unreachICMP packet dropped019/28/2006 5:59:55 PM4.17 
1024.31.69.11764.50.46.226ICMP/3 - unreachICMP packet dropped019/29/2006 1:17:06 AM4.17 
1168.63.214.6564.50.46.226ICMP/3 - unreachICMP packet dropped019/29/2006 2:45:18 AM4.17 
12200.73.82.14564.50.46.226ICMP/3 - unreachICMP packet dropped019/29/2006 3:18:44 AM4.17 
1364.48.234.13364.50.46.224ICMP/8 - pingSmurf Amplification Attack Dropped019/29/2006 3:54:32 AM4.17 
1464.48.234.13364.50.46.239ICMP/8 - pingSmurf Amplification Attack Dropped019/29/2006 3:54:32 AM4.17 
1564.48.234.8764.50.46.224ICMP/8 - pingSmurf Amplification Attack Dropped019/29/2006 6:59:46 AM4.17 
1664.48.234.8764.50.46.239ICMP/8 - pingSmurf Amplification Attack Dropped019/29/2006 6:59:46 AM4.17 

Top 50 denied protocols and reasons

No | Protocol | Reason | Denials | % | Comment
1 | ICMP/8 - ping | Smurf Amplification Attack Dropped | 18 | 75.00 |
2 | ICMP/3 - unreach | ICMP packet dropped | 06 | 25.00 |

Firewall: 64.50.46.226 - Interfaces: Not specified

Top 50 warning messages

No | Source | Destination | Protocol | Warning | Count | First warning | % | Comment
1 | 64.50.46.226 | 64.50.46.226 | - | Problem sending log email; check log settings | 09 | 9/28/2006 8:10:00 AM | 100.00 |

Analysis details

Analysis start time: 1/2/2018 3:57:58 PM
Analysis duration: 0.29 minutes (17 seconds)
Analysis engine version:
  Sonicwall parser version: 0.02
  FireGen40Service.exe - FireGen scheduler service: 4.2.1.0
Filtering criteria: All entries
Excluded keywords: None

Glossary

!!!: Indicates that a high denials:connections ratio has been detected. The currently configured ratio is 3, so the !!! marker means that the percentage of denials for that hour is more than 3 times the connections percentage. This indicates unusual denial activity that may need to be investigated. The ratio can be configured on the Report Formats interface.
Other messages: A list of messages not yet configured in the Firegen parser. Please send these messages to us (support@firegen.com) and we will add them in the next Firegen update. These messages are included in the list of message types, but they are not yet fully understood by the analyzer.