Download pdf - Firewall Daily YYMMDD - CLiCK N DECiDEsupport.clickndecide.com/downloads/pdf/Firewall_Daily_040915.pdf · Hour Total Hits Accepted Blocked Accepted Blocked Accepted Blocked Inbound

Blocked

Accepted0

1000

2000

3000

4000

5000

6000

0 1 2 3 4 5 6 7 8 9 1011121314 151617181920 212223

Eve

nts

Hour of the Day

Accepted:

Blocked:

Accepted:

1

Blocked:

Accepted:

24,079 5,736 29,815System13,737 14,620 28,357Other

6,134 9,478 2,246 17,858 270Web108 3,006 18 3,132Mail

1,726 1,726Annuary

6,854 51,867 24,570 83,291 474Total:

LAN DataSet 192.168.0.52/BOUZIGUES/ Accepted 15,786

LAN DataSet 192.168.0.201/D7/ Blocked 46

External 213.41.140.159/monchel.net1.nerim.NET/ Accepted 2,016

External 212.83.159.45/rev.host-159.45.tiscali-business.fr/

Blocked 22

1

6

4

2

5

3

Previous Next

3 Blocked:

4 24,570

5 123

6 51,867

2 448

1 6,854

Wednesday September 15, 2004Daily General Firewall Statistics

External Visitors 184 248

Internal Users 19 10

External Destinations 6,728 19

Internal Servers 22 2

Source Action Hits Total MB

Network Forensics - Daily Filtering by Hour

Services - Top 5 Accepted Services by HitsNetwork Forensics - Most Active Internal User and External Visitor

Traffic - Traffic Activity Trends Based on The Number of IP Addresses

Accepted Blocked

Inbound

Outbound

Internal

3

3,847

4,418

206

1

10

Services - Number of Different Services

© NetReport www.net-report.net Page 1/40Report printed on Wednesday November 10, 2004 at 16:33

Firewall_Daily_040914.pdf




Firewall_Monthly_0409.pdf

Internal Accepted

Outbound Accepted

Inbound Accepted0

1000

2000

3000

4000

5000

6000

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23

Eve

nts

AcceptedAccepted

Hour of the Day

Internal Blocked

Outbound Blocked

Inbound Blocked048

1216202428323640444852

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23

Eve

nts

BlockedBlocked

Hour of the Day

Wednesday September 15, 2004Graph of Events by Hour of the Day

Traffic - Accepted Traffic

Traffic - Blocked Traffic


Hour

Total Hits

Accepted Blocked Accepted Blocked Accepted Blocked

Inbound Outbound Internal

Accepted Blocked Total

Wednesday September 15, 2004Graph of Events by Hour of the Day

1,8501600:00 1,83496 14 1,308 2 4303,4322701:00 3,405136 25 2,842 2 4272,1762002:00 2,156122 17 1,603 3 4311,8921303:00 1,879150 10 1,299 3 4301,9351404:00 1,921116 4 1,377 10 4282,013905:00 2,004120 6 1,446 3 4382,9091606:00 2,893535 13 1,914 3 4444,6805407:00 4,626362 48 3,257 6 1,0074,2941608:00 4,278287 13 2,686 3 1,3053,3433009:00 3,313231 22 2,800 8 2822,9012710:00 2,874312 22 2,276 5 2862,4122411:00 2,388393 20 1,903 4 925,9714412:00 5,927491 34 4,957 10 4794,8882813:00 4,860715 20 2,768 8 1,3774,5553414:00 4,521590 29 2,109 4 1,822 15,3502715:00 5,323474 12 2,703 15 2,1464,2052816:00 4,177144 25 2,039 3 1,9944,5954117:00 4,554164 33 2,691 8 1,6993,7812218:00 3,759182 17 2,080 5 1,4973,059619:00 3,053120 4 1,414 2 1,5193,2201120:00 3,209606 8 1,103 3 1,5003,0551121:00 3,044150 9 1,392 2 1,5024,2242522:00 4,199260 18 2,433 7 1,5063,1232923:00 3,09498 25 1,467 4 1,529

6,854 448 51,867 123 24,570 1Total for 9/15/2004 57283,291 83,863


InternalInbound OutboundType Total MBTotal HitsAction

Wednesday September 15, 2004

Blocked and Accepted Traffic Figures Analyzed by Number of Hits

474Accepted accept 6,854 51,867 24,570 83,291Total Accepted: 6,854 51,867 24,570 83,291 474

Blocked drop 448 119 567reject 4 1 5

Total Blocked: 448 123 1 572

Total Wednesday September 15, 2004 4747,302 51,990 24,571 83,863


Source Area Service Total HitsDestination Area Rule


Service comment

Top 100 Accepted Services by Source and Destination

Wednesday September 15, 2004 56,159

DMZ 11,754

DMZ External 11,742

DMZ External 53 Domain Name Server 15 11,742

DMZ LAN DataSet 12

DMZ LAN DataSet 25 Simple Mail Transfer 15 12


http://www.netreport.fr/port_report.asp?port=53






Service comment



External 6,854

External DMZ 6,746

External DMZ 80 World Wide Web HTTP 17 6,134

External DMZ 21 File Transfer [Control] 17 612

External LAN DataSet 108

External LAN DataSet 143 Internet Message Access Protocol 8 108










Service comment



Firewall 244

Firewall External 242

Firewall External 53 Domain Name Server internal 242

Firewall LAN DataSet 2

Firewall LAN DataSet 21 File Transfer [Control] 14 2








Service comment



LAN DataSet 37,307

LAN DataSet DMZ 8,044

LAN DataSet DMZ 445 Microsoft-DS 14 5,736

LAN DataSet DMZ 80 World Wide Web HTTP 13 2,238

LAN DataSet DMZ 12343 NetReport XML Configuration Server 14 26

LAN DataSet DMZ 1433 Microsoft-SQL-Server 14 14

LAN DataSet DMZ 7424 DataSet Remote Control 14 9

LAN DataSet DMZ 1434 Microsoft-SQL-Monitor 14 7

LAN DataSet DMZ 7427 OpenView DM Event Agent Manager 14 7

LAN DataSet DMZ 7425 DataSet Remote Control 14 5

LAN DataSet DMZ 21 File Transfer [Control] 14 2

LAN DataSet External 29,263

LAN DataSet External 53 Domain Name Server 14 11,476

LAN DataSet External 80 World Wide Web HTTP 13 9,250

LAN DataSet External 110 Post Office Protocol - Version 3 14 2,745

LAN DataSet External 4662 edonkey 14 1,072

LAN DataSet External 67 Bootstrap Protocol Server 14 324

LAN DataSet External 31885 14 316

LAN DataSet External 68 Bootstrap Protocol Client 14 294

LAN DataSet External 25 Simple Mail Transfer 14 261

LAN DataSet External 4665 edonkey 14 257

LAN DataSet External 3000 HBCI 14 247

LAN DataSet External 443 http protocol over TLS/SSL 14 226


















































Service comment



LAN DataSet 37,307




LAN DataSet External 3306 MySQL 14 120





LAN DataSet External 5555 Personal Agent also used by HP Omniback 14 96

LAN DataSet External 4672 remote file access server 14 81


LAN DataSet External 5002 radio free ethernet 14 38


LAN DataSet External 21 File Transfer [Control] 14 34

LAN DataSet External 3310 Dyna Access 14 34

LAN DataSet External 9999 distinct 14 34




LAN DataSet External 11321 Arena Server Listen 14 27

LAN DataSet External 4663 edonkey 14 27
























































Service comment



LAN DataSet 37,307


LAN DataSet External 4000 ICQ 14 25



LAN DataSet External 123 Network Time Protocol 14 24




LAN DataSet External 5420 Cylink-C 14 23



LAN DataSet External 5766 OpenMail NewMail Server 14 22

LAN DataSet External 6085 konspire2b p2p network 14 22











LAN DataSet External 3670 SMILE TCP/UDP Interface 14 20

LAN DataSet External 4661 Kar2ouche Peer location service 14 20




















































Service comment



LAN DataSet 37,307




LAN DataSet External 6502 BoKS Servm 14 20

LAN DataSet External 1080 Socks 14 19

LAN DataSet External 11319 IMIP 14 19




LAN DataSet External 3633 Wyrnix AIS port 14 19






LAN DataSet External 8199 VVR DATA 14 19





LAN DataSet External 3312 Application Management Server 14 18




















































Source Area Service Total HitsDestination Area RuleService comment

Top 100 Blocked Services by Source and Destination

Wednesday September 15, 2004 342

DMZ 4

DMZ External 4

DMZ External 53 Domain Name Server internal 1

DMZ External 36326 19 1

DMZ External 34383 19 1

DMZ External 1717 fj-hdnet 19 1














External 338

External Firewall 338

External Firewall 9898 MonkeyCom 19 46

External Firewall 1026 Calender Access Protocol 19 40

External Firewall 5554 SGI ESP HTTP 19 35

External Firewall 1027 ExoSee 19 17

External Firewall 1080 Socks 19 13

External Firewall 113 Authentication Service 19 12

External Firewall 1434 Microsoft-SQL-Monitor 19 11

External Firewall 20760 19 10

External Firewall 2745 URBISNET 19 9

External Firewall 1433 Microsoft-SQL-Server 19 9

External Firewall 135 DCE endpoint resolution 19 9

External Firewall 1023 Reserved 19 7

External Firewall 4899 RAdmin Port 19 6

External Firewall 3410 NetworkLens SSL Event 19 5



External Firewall 12345 NetReport COM agent 19 3

External Firewall 1025 network blackjack 19 3




























































External 338




External Firewall 2746 CPUDPENCAP 2

External Firewall 22 SSH Remote Login Protocol 19 2

External Firewall 80 World Wide Web HTTP 2

External Firewall 8080 HTTP Alternate (see port 80) 19 2

External Firewall 901 SMPNAMERES 19 2







































































External 338









External Firewall 25 Simple Mail Transfer 19 1



External Firewall 3127 CTX Bridge Port 19 1



































































External 338











































































Internal Blocked

Outbound Blocked

Inbound Blocked

Internal Accepted

Outbound Accepted

Inbound Accepted0

2000400060008000

10000120001400016000180002000022000240002600028000300003200034000360003800040000420004400046000480005000052000

8 13 14 15 17 19

intern

al

Eve

nts

Events by RulesEvents by Rules

Rules

Wednesday September 15, 2004Number of Events by Rules


Outbound

Rule

Total Hits

Accepted Blocked Accepted Blocked Accepted Blocked

Inbound Internal

Accepted Blocked Total

Number of Events by Rules Wednesday September 15, 2004

25254 211081088 108

11,48811,48813 9,250 2,23852,944152,94314 30,633 22,310 111,75411,75415 11,742 12

6,7466,74617 6,74649949919 444 5529947252internal 242 47 10

6,854 448 51,867 123 24,570 1Total September/15/2004 57283,291 83,863


Source Area Internal User

Top 30 Accepted Internal Users Sorted by Hits.

Hits Hits %


K-Bytes K-Bytes % Elapsed Time (min) Elaps. Time %

LAN DataSet 192.168.0.52/BOUZIGUES 15,786 20.65%LAN DataSet 192.168.0.201/D7 15,686 126 220.52% 0.07% 0.03%DMZ 203.162.14.80/www.netreport.fr 11,754 15.38%LAN DataSet 192.168.0.61/KIWI 9,283 58 1212.14% 0.03% 0.17%LAN DataSet 192.168.0.202/PROXY 6,999 79,302 6,7659.16% 45.61% 90.49%LAN DataSet 192.168.0.62/PATATE 3,948 1,488 175.17% 0.86% 0.22%LAN DataSet 192.168.0.53/CHIVAS 3,897 22 25.10% 0.01% 0.03%LAN DataSet 192.168.0.54/TINTIN 3,440 39,845 1614.50% 22.92% 2.15%LAN DataSet 192.168.0.204 1,822 2.38%LAN DataSet 192.168.0.67/CARAMBOLE 1,273 5,876 2271.67% 3.38% 3.04%LAN DataSet 192.168.0.51/TOMATE 841 3,811 901.10% 2.19% 1.21%LAN DataSet 192.168.0.58/LYCHEE 525 3,120 860.69% 1.79% 1.15%LAN DataSet 192.168.0.83/ABDEL 455 3,679 520.60% 2.12% 0.69%Firewall 81.50.132.7/AMontpellier-104-2-1-7.w81-50.abo.wanadoo.fr 242 0.32%LAN DataSet 192.168.0.65/SKIPPER 221 10.29% 0.00%LAN DataSet 192.168.0.56/FRAISE 140 1,488 90.18% 0.86% 0.12%LAN DataSet 192.168.0.63/VMTOMATE 122 35,050 520.16% 20.16% 0.70%Firewall 192.168.0.3/Firewall 2 0.00%LAN DataSet 192.168.0.6 1 0.00%

76,437 173,864 7,476Total for the above User list: 100.00% 100.00% 100.00%

76,437 173,864 7,476Total for all User for the same period:


Source Area Visitor

Top 30 Accepted Visitors Sorted by Hits.

Hits Hits %



External 213.41.140.159/monchel.net1.nerim.NET 2,016 913 1436.20% 1.19% 2.00%External 213.146.130.30/213-146-130-30-in-addr.intechnology.co.uk 358 6,827 846.43% 8.91% 11.92%External 82.120.244.151/AVelizy-152-1-42-151.w82-120.abo.wanadoo.fr 291 40,159 495.23% 52.40% 6.93%External 212.250.202.150 268 3,163 724.81% 4.13% 10.24%External 194.3.93.139 248 1,305 104.45% 1.70% 1.43%External 212.250.94.219 222 1,549 323.99% 2.02% 4.52%External 62.101.64.91/fast.tomato.it 192 2,172 1953.45% 2.83% 27.50%External 82.53.112.127/host127-112.pool8253.interbusiness.it 184 57 13.30% 0.07% 0.10%External 207.46.98.83 166 4,365 62.98% 5.69% 0.91%External 80.126.193.89/a80-126-193-89.adsl.xs4all.nl 160 2,019 582.87% 2.63% 8.25%External 195.6.224.137 136 542 222.44% 0.71% 3.12%External 80.58.35.44/80.58.35.44.proxycache.rima-tde.NET 126 755 62.26% 0.99% 0.89%External 198.26.126.13/WCS2-SCHRIEVER.NIPR.mil 114 422 22.05% 0.55% 0.29%External 212.217.29.80/ll212-80-29-217-212.ll212.iam.net.ma 108 924 451.94% 1.21% 6.33%External 202.138.116.23 94 1,884 31.69% 2.46% 0.42%External 198.26.126.12/WCS1-SCHRIEVER.NIPR.MIL 92 442 21.65% 0.58% 0.33%External 196.41.196.36/nds-firewall2.nds.co.za 84 348 21.51% 0.45% 0.23%External 213.170.46.200 78 1,986 91.40% 2.59% 1.32%External 62.246.151.38/p62.246.151.38.tisdip.tiscali.de 76 1,238 101.36% 1.62% 1.36%External 217.14.40.1 64 1,044 31.15% 1.36% 0.43%External 12.20.58.68/us-proxy.att.com 60 349 21.08% 0.46% 0.21%External 83.211.147.97/ip-147-97.sn2.eutelia.it 58 538 291.04% 0.70% 4.13%External 195.167.237.62/62.237.167.195.in-addr.arpa 56 1,510 81.01% 1.97% 1.10%External 62.254.224.45 56 90 101.01% 0.12% 1.37%External 193.98.76.14/trans.heller-machinetools.com 46 340 10.83% 0.44% 0.08%External 213.84.181.210/mail.nieuwenhuis.com 46 588 190.83% 0.77% 2.72%External 193.113.48.7 44 274 10.79% 0.36% 0.09%External 62.92.92.114 44 301 10.79% 0.39% 0.16%External 194.201.25.219/mailhost2.messier-dowty.org 42 266 110.75% 0.35% 1.56%External 194.4.130.210 40 2700.72% 0.35% 0.04%

5,569 76,641 708Total for the above User list: 100.00% 100.00% 100.00%

76,437 173,864 7,476Total for all User for the same period:



Top 10 Accepted Internal Users with their Top 10 Accepted Services

Total HitsRuleDestination AreaService Comment


LAN DataSet 192.168.0.52/BOUZIGUES 15,786

1,715DMZ 14445 Microsoft-DS1,072External 144662 edonkey

247External 143000 HBCI244External 144665 edonkey147External 146662120External 143306 MySQL106External 1415848

97External 14424696External 145555 Personal Agent also used by HP

Omniback 81External 144672 remote file access server

LAN DataSet 192.168.0.201/D7 15,686

11,327External 1453 Domain Name Server2,308External 14110 Post Office Protocol - Version 3

464External 1380 World Wide Web HTTP294External 1468 Bootstrap Protocol Client281External 1467 Bootstrap Protocol Server229External 1425 Simple Mail Transfer152LAN DataSet 144716152LAN DataSet 144717

69LAN DataSet 143985 MAPPER TCP/IP server69LAN DataSet 143986 MAPPER workstation server

DMZ 203.162.14.80/www.netreport.fr 11,754

11,742External 1553 Domain Name Server12LAN DataSet 1525 Simple Mail Transfer


















































LAN DataSet 192.168.0.61/KIWI 9,283

3,118DMZ 14445 Microsoft-DS316External 1431885177External 1459875160External 1411207151External 1441538124External 14110 Post Office Protocol - Version 3109External 1411107105External 1422672

54External 145727836External 1434898

LAN DataSet 192.168.0.202/PROXY 6,999

6,146External 1380 World Wide Web HTTP676DMZ 1380 World Wide Web HTTP160External 14443 http protocol over TLS/SSL

12External 1421 File Transfer [Control]1LAN DataSet 1442721LAN DataSet 144208 VRML Multi User Systems1External 141983 Loophole Test Protocol1LAN DataSet 141383 GW Hannaway Network License Manager1LAN DataSet 141061 KIOSK












































LAN DataSet 192.168.0.62/PATATE 3,948

14External 1380 World Wide Web HTTP6LAN DataSet 143104 Autocue Time Service5LAN DataSet 143166 Quest Repository5LAN DataSet 1439055LAN DataSet 1446254LAN DataSet 142072 GlobeCast mSync4LAN DataSet 142090 Load Report Protocol4LAN DataSet 142294 Konshus License Manager (FLEX)4LAN DataSet 142356 GXT License Managemant4LAN DataSet 142461 qadmifoper

LAN DataSet 192.168.0.53/CHIVAS 3,897

565DMZ 14445 Microsoft-DS10Firewall internal18190 OPSEC CPMI (Checkpoint)

6External 1380 World Wide Web HTTP4LAN DataSet 142081 KME PRINTER TRAP PORT4LAN DataSet 142099 H.225.0 Annex G4LAN DataSet 142303 Proxy Gateway4LAN DataSet 142326 IDCP4LAN DataSet 142365 dbref4LAN DataSet 142405 TRC Netpoll4LAN DataSet 142470 taskman port














































LAN DataSet 192.168.0.54/TINTIN 3,440

1,330DMZ 1380 World Wide Web HTTP538External 1380 World Wide Web HTTP132External 14110 Post Office Protocol - Version 3

54External 14443 http protocol over TLS/SSL26DMZ 1412343 NetReport XML Configuration Server14External 1425 Simple Mail Transfer11External 1467 Bootstrap Protocol Server

5External 1421 File Transfer [Control]4LAN DataSet 143022 CSREGAGENT4LAN DataSet 143131 Net Book Mark

LAN DataSet 192.168.0.204 1,822

1,726LAN DataSet 14389 Lightweight Directory Access Protocol96External 1453 Domain Name Server

LAN DataSet 192.168.0.67/CARAMBOLE 1,273

1,186External 1380 World Wide Web HTTP36External 1453 Domain Name Server

4DMZ 1380 World Wide Web HTTP2LAN DataSet 1441011LAN DataSet 143349 Chevin Services1LAN DataSet 143338 OMF data b1LAN DataSet 143249 State Sync Protocol1LAN DataSet 143224 AES Discovery Port1LAN DataSet 143223 DIGIVOTE (R) Vote-Server1LAN DataSet 143167 poweroncontact














































Top 10 Accepted Visitors with their Top 10 Accepted Services

Source Area Visitor Total HitsRuleDestination AreaService Comment


External 213.41.140.159/monchel.net1.nerim.NET 2,016

1,440DMZ 1780 World Wide Web HTTP576DMZ 1721 File Transfer [Control]

External 213.146.130.30/213-146-130-30-in-addr.intechnology.co.uk 358

322DMZ 1780 World Wide Web HTTP36LAN DataSet 8143 Internet Message Access Protocol

External 82.120.244.151/AVelizy-152-1-42-151.w82-120.abo.wanadoo.fr 291

274DMZ 1780 World Wide Web HTTP9DMZ 1721 File Transfer [Control]8LAN DataSet 8143 Internet Message Access Protocol

External 212.250.202.150 268


External 194.3.93.139 248

248DMZ 1780 World Wide Web HTTP

External 212.250.94.219 222


External 62.101.64.91/fast.tomato.it 192


External 82.53.112.127/host127-112.pool8253.interbusiness.it 184


External 207.46.98.83 166



http://www.netreport.fr/whois/redirect.asp?ip=213.41.140.159





































Top 10 Accepted Visitors with their Top 10 Accepted Services



External 80.126.193.89/a80-126-193-89.adsl.xs4all.nl 160


6DMZ 1721 File Transfer [Control]









Top 10 Blocked Internal Users with their Top 10 Blocked Services

Source Area Internal User Total HitsRuleDestination AreaService Comment


LAN DataSet

46External internal53 Domain Name Server

192.168.0.201/D7 46

LAN DataSet

24External 19123 Network Time Protocol

192.168.17.1/BOUZIGUES 24

LAN DataSet

24External 19123 Network Time Protocol

192.168.1.1/BOUZIGUES 24

LAN DataSet

9External80 World Wide Web HTTP2External21 File Transfer [Control]

192.168.0.202/PROXY 11

LAN DataSet

6External4662 edonkey2External9 Discard

192.168.0.52/BOUZIGUES 8

DMZ

1External internal53 Domain Name Server1External 19363261External 19343831External 191717 fj-hdnet

203.162.14.80/www.netreport.fr 4

LAN DataSet

3External 191434 Microsoft-SQL-Monitor

192.168.44.1 3

LAN DataSet

2External21 File Transfer [Control]

192.168.0.83/ABDEL 2

LAN DataSet

1External 191434 Microsoft-SQL-Monitor

192.168.111.1 1






























Top 10 Blocked Internal Users with their Top 10 Blocked Services

Source Area Internal User Total HitsRuleDestination AreaService Comment


LAN DataSet

1LAN DataSet 141720 h323hostcall

192.168.0.62/PATATE 1




Top 10 Blocked Visitors with their Top 10 Blocked Services



External

1Firewall 19347971Firewall 19347131Firewall 19347121Firewall 19347111Firewall 19346971Firewall 19342231Firewall 19342161Firewall 19341661Firewall 19341611Firewall 1934155

212.83.159.45/rev.host-159.45.tiscali-business.fr 22

External

1Firewall 19378561Firewall 19378551Firewall 19378541Firewall 19378531Firewall 19378521Firewall 19378511Firewall 19378501Firewall 19378291Firewall 19378281Firewall 1937827

81.251.84.52/AMontpellier-251-1-36-52.w81-251.abo.wanadoo.fr 19

External

6Firewall 191027 ExoSee6Firewall 191026 Calender Access Protocol5Firewall 191028

222.88.173.5 17

External

8Firewall 19135 DCE endpoint resolution8Firewall 191026 Calender Access Protocol

80.50.132.7 16
























































Top 10 Blocked Visitors with their Top 10 Blocked Services



External

12Firewall 191080 Socks

211.115.86.241 12

External

12Firewall 191026 Calender Access Protocol

218.78.209.68 12

External

3Firewall 19313593Firewall 19313582Firewall 19313562Firewall 19313532Firewall 1931352

80.15.236.190 12

External

10Firewall 1920760

137.194.8.129/draconis.rezel.enst.fr 10

External

4Firewall 191027 ExoSee4Firewall 191026 Calender Access Protocol

221.143.42.254 8

External

8Firewall 19113 Authentication Service

81.50.27.236/ADijon-106-1-20-236.w81-50.abo.wanadoo.fr 8






























Service Service Comment

Top 30 Incoming Accepted Services Sorted by K-Bytes.

Hits Hits %



21 File Transfer [Control] 612204,870 4658.93%68.16% 18.05%80 World Wide Web HTTP 6,13495,684 2,11089.50%31.84% 81.95%143 Internet Message Access Protocol 108 1.58%

Total for the above Incoming Accepted Services list: 6,854300,554 2,575100.00% 100.00% 100.00%

6,854 2,575Total for all Incoming Accepted Services for the same period: 300,554








Service Service Comment

Top 30 Outgoing Accepted Services Sorted by K-Bytes.

Hits Hits %



80 World Wide Web HTTP 9,252150,969 7,13823.07%100.00% 100.00%53 Domain Name Server 23,460 58.51%110 Post Office Protocol - Version 3 2,745 6.85%4662 edonkey 1,072 2.67%67 Bootstrap Protocol Server 324 0.81%31885 316 0.79%68 Bootstrap Protocol Client 294 0.73%25 Simple Mail Transfer 261 0.65%4665 edonkey 257 0.64%3000 HBCI 247 0.62%443 http protocol over TLS/SSL 226 0.56%59875 177 0.44%11207 160 0.40%41538 151 0.38%6662 147 0.37%3306 MySQL 120 0.30%11107 109 0.27%15848 106 0.26%22672 105 0.26%4246 97 0.24%5555 Personal Agent also used by HP Omniback 96 0.24%4672 remote file access server 81 0.20%57278 54 0.13%5002 radio free ethernet 38 0.09%34898 36 0.09%9999 distinct 34 0.08%3310 Dyna Access 34 0.08%21 File Transfer [Control] 34 0.08%6794 32 0.08%4675 31 0.08%

Total for the above Accepted Outgoing Services list: 40,096150,969 7,138100.00% 100.00% 100.00%

51,867 7,138Total for all Accepted Outgoing Services for the same period: 150,969






























































Top 10 Accepted Services with their Top 10 Accepted Internal Users

Total HitsRuleDestination AreaInternal User Source AreaService Comment


53 Domain Name Server

11,742External 15203.162.14.80/www.netreport.fr

DMZ 11,742

80 World Wide Web HTTP

6,146External 13192.168.0.202/PROXY1,330DMZ 13192.168.0.54/TINTIN1,186External 13192.168.0.67/CARAMBOLE

676DMZ 13192.168.0.202/PROXY538External 13192.168.0.54/TINTIN464External 13192.168.0.201/D7458External 13192.168.0.58/LYCHEE232External 13192.168.0.83/ABDEL164DMZ 13192.168.0.51/TOMATE102External 13192.168.0.63/VMTOMATE

LAN DataSet 11,490


11,327External 14192.168.0.201/D796External 14192.168.0.20436External 14192.168.0.67/CARAMBOLE17External 14192.168.0.51/TOMATE

LAN DataSet 11,476

445 Microsoft-DS

3,118DMZ 14192.168.0.61/KIWI1,715DMZ 14192.168.0.52/BOUZIGUES

565DMZ 14192.168.0.53/CHIVAS338DMZ 14192.168.0.51/TOMATE

LAN DataSet 5,736

110 Post Office Protocol - Version 3

2,308External 14192.168.0.201/D7181External 14192.168.0.83/ABDEL132External 14192.168.0.54/TINTIN124External 14192.168.0.61/KIWI

LAN DataSet 2,745



































Top 10 Accepted Services with their Top 10 Accepted Internal Users



389 Lightweight Directory Access Protocol

1,726LAN DataSet 14192.168.0.204

LAN DataSet 1,726

4662 edonkey

1,072External 14192.168.0.52/BOUZIGUES1LAN DataSet 14192.168.0.54/TINTIN

LAN DataSet 1,073

67 Bootstrap Protocol Server

281External 14192.168.0.201/D712External 14192.168.0.63/VMTOMATE11External 14192.168.0.54/TINTIN

8External 14192.168.0.61/KIWI3External 14192.168.0.62/PATATE3External 14192.168.0.56/FRAISE3External 14192.168.0.51/TOMATE2External 14192.168.0.53/CHIVAS1External 14192.168.0.65/SKIPPER

LAN DataSet 324

31885

316External 14192.168.0.61/KIWI

LAN DataSet 316

68 Bootstrap Protocol Client

294External 14192.168.0.201/D7

LAN DataSet 294


























Top 10 Accepted Services with their Top 10 Accepted Visitors

Total HitsRuleDestination AreaVisitor Source AreaService Comment



1,440DMZ 17213.41.140.159/monchel.net1.nerim.NET322DMZ 17213.146.130.30/213-146-130-30-in-addr.intechnology.co.uk274DMZ 1782.120.244.151/AVelizy-152-1-42-151.w82-120.abo.wanado

o.fr 248DMZ 17194.3.93.139226DMZ 17212.250.202.150222DMZ 17212.250.94.219192DMZ 1762.101.64.91/fast.tomato.it184DMZ 1782.53.112.127/host127-112.pool8253.interbusiness.it166DMZ 17207.46.98.83136DMZ 17195.6.224.137

External 6,134

21 File Transfer [Control]

576DMZ 17213.41.140.159/monchel.net1.nerim.NET19DMZ 1762.72.119.190/nokia-prod.nextiraone.be

9DMZ 1782.120.244.151/AVelizy-152-1-42-151.w82-120.abo.wanadoo.fr 6DMZ 1780.126.193.89/a80-126-193-89.adsl.xs4all.nl

2DMZ 1761.153.48.198

External 612

143 Internet Message Access Protocol

42LAN DataSet 8212.250.202.15036LAN DataSet 8213.146.130.30/213-146-130-30-in-addr.intechnology.co.uk22LAN DataSet 880.126.193.89/a80-126-193-89.adsl.xs4all.nl

8LAN DataSet 882.120.244.151/AVelizy-152-1-42-151.w82-120.abo.wanadoo.fr

External 108



























Top 10 Blocked Services with their Top 10 Blocked Internal Users



123 Network Time Protocol

24External 19192.168.17.1/BOUZIGUES24External 19192.168.1.1/BOUZIGUES

LAN DataSet 48


46External internal192.168.0.201/D7

LAN DataSet 46


9External192.168.0.202/PROXY

LAN DataSet 9

4662 edonkey

6External192.168.0.52/BOUZIGUES

LAN DataSet 6

1434 Microsoft-SQL-Monitor

3External 19192.168.44.11External 19192.168.111.1

LAN DataSet 4

21 File Transfer [Control]

2External192.168.0.83/ABDEL2External192.168.0.202/PROXY

LAN DataSet 4

9 Discard

2External192.168.0.52/BOUZIGUES

LAN DataSet 2


1External internal203.162.14.80/www.netreport.fr

DMZ 1

36326

1External 19203.162.14.80/www.netreport.fr

DMZ 1

34383

1External 19203.162.14.80/www.netreport.fr

DMZ 1



































Top 10 Blocked Services with their Top 10 Blocked Visitors



9898 MonkeyCom External 46

2Firewall 19142.217.135.11/cm-135-11.telebecinternet.NET1Firewall 1910.33.2.361Firewall 19219.78.123.241/n219078123241.netvigator.com1Firewall 19219.44.140.247/YahooBB219044140247.bbtec.NET1Firewall 19219.145.46.1221Firewall 19218.94.212.1171Firewall 19218.255.183.58/cm218-255-183-58.hkcable.com.hk1Firewall 19218.153.206.791Firewall 19217.95.212.203/pD95FD4CB.dip.t-dialin.NET1Firewall 19201.133.11.4/dsl-201-133-11-4.prod-empresarial.com.mx

1026 Calender Access Protocol External 40

12Firewall 19218.78.209.688Firewall 1980.50.132.76Firewall 19222.88.173.54Firewall 19221.143.42.2543Firewall 1967.17.155.201Firewall 19196.9.195.841Firewall 19196.29.16.1451Firewall 19195.97.250.971Firewall 19195.86.79.741Firewall 19195.36.29.161





























5554 SGI ESP HTTP External 35

2Firewall 19142.217.135.11/cm-135-11.telebecinternet.NET1Firewall 1910.33.2.361Firewall 19220.146.191.25/ntszok051025.szok.nt.adsl.ppp.infoweb.ne.j

p 1Firewall 19219.44.140.247/YahooBB219044140247.bbtec.NET1Firewall 19219.140.108.2231Firewall 19219.133.243.211Firewall 19218.255.183.58/cm218-255-183-58.hkcable.com.hk1Firewall 19218.153.206.791Firewall 19217.95.212.203/pD95FD4CB.dip.t-dialin.NET1Firewall 19201.133.11.4/dsl-201-133-11-4.prod-empresarial.com.mx

1027 ExoSee External 17

6Firewall 19222.88.173.54Firewall 19221.143.42.2541Firewall 19195.94.49.2171Firewall 19195.251.3.2231Firewall 19195.23.26.90/195-23-26-90.net.novis.pt1Firewall 19195.197.111.1351Firewall 19195.188.89.961Firewall 19195.134.45.371Firewall 19195.112.164.8

1080 Socks External 13

12Firewall 19211.115.86.2411Firewall 1961.144.222.73

113 Authentication Service External 12

8Firewall 1981.50.27.236/ADijon-106-1-20-236.w81-50.abo.wanadoo.fr2Firewall 19195.220.66.261Firewall 1981.50.51.146/AClermont-Ferrand-108-1-10-146.w81-50.abo.

wanadoo. 1Firewall 19193.175.26.33/sax.sax.de






































1434 Microsoft-SQL-Monitor External 11

1Firewall 1968.84.28.185/pcp03360445pcs.capcir01.fl.comcast.NET1Firewall 1965.59.126.501Firewall 1924.159.224.26/24-159-224-26.jvl.wi.charter.COM1Firewall 19222.144.97.42/p1042-ipbf305hodogaya.kanagawa.ocn.ne.jp1Firewall 19218.247.146.2001Firewall 19209.78.19.187/adsl-209-78-19-187.dsl.renocs.pacbell.NET1Firewall 19203.221.246.247/dialup-247.246.221.203.acc05-stge-pth.co

mindico.co 1Firewall 19202.108.249.211Firewall 19156.17.102.4/zgf4.ing.uni.wroc.pl1Firewall 19155.239.145.162/wwg-ip-nas-1-p418.telkom-ipnet.co.za

20760 External 10

10Firewall 19137.194.8.129/draconis.rezel.enst.fr

1433 Microsoft-SQL-Server External 9

2Firewall 1965.163.159.731Firewall 1981.53.5.28/ANancy-110-1-3-28.w81-53.abo.wanadoo.fr1Firewall 1981.50.46.61/AGrenoble-203-1-6-61.w81-50.abo.wanadoo.fr1Firewall 1981.248.222.63/ANancy-110-1-26-63.w81-248.abo.wanadoo.f

r 1Firewall 1981.1.74.86/81-1-74-86.homechoice.co.uk1Firewall 1963.243.16.9/lmr-inc.com1Firewall 19219.144.206.101Firewall 19219.144.196.141

135 DCE endpoint resolution External 9

8Firewall 1980.50.132.71Firewall 1983.192.173.80/AAmiens-151-1-15-80.w83-192.abo.wanadoo

.fr
































Top 10 Users & Visitors Using the Greatest Variety of Services

Accepted

192.168.0.52/BOUZIGUES 4,581 15,786 2 8 4,581 15,794

192.168.0.61/KIWI 2,919 9,283 2,919 9,283

192.168.0.62/PATATE 2,564 3,948 1 1 2,565 3,949

192.168.0.53/CHIVAS 2,352 3,897 2,352 3,897

192.168.0.54/TINTIN 999 3,440 999 3,440

192.168.0.51/TOMATE 214 841 214 841

192.168.0.65/SKIPPER 209 221 209 221

192.168.0.56/FRAISE 121 140 121 140

192.168.0.201/D7 65 15,686 1 46 65 15,732

192.168.0.67/CARAMBOLE 48 1,273 48 1,273

212.83.159.45/rev.host-159.45.tiscali-business.fr 22 22 22 22

81.251.84.52/AMontpellier-251-1-36-52.w81-251.abo.wanadoo.fr 19 19 19 1980.15.236.190 5 12 5 12

81.50.207.249/ANancy-110-1-7-249.w81-50.abo.wanadoo.fr 4 4 4 4218.153.206.79 3 3 3 3

219.44.140.247/YahooBB219044140247.bbtec.NET 3 3 3 3220.221.29.63/i220-221-29-63.s05.a024.ap.plala.or.jp 3 3 3 3

220.73.20.111 3 3 3 3221.157.227.99 3 3 3 3

222.88.173.5 3 17 3 17

Distinct Services Number of Hits

Blocked


Total


Accepted


Blocked


Total


Internal Users

External Visitors










