FWLOGSUM REPORT
Accepted Entries Sorted by source

Report generated on: Sun Apr 21 22:12:04 2013
Period for report data: 20 Oct 2001 at 17:21:03 to 26 Nov 2001 at 9:02:26
Period for matched data: 17 Nov 2001 at 14:10:58 to 26 Nov 2001 at 9:02:26

Total entries processed: 18995
Entries matched on: 18650
Inbound traffic: 18952
Outbound traffic: 8
Control Messages: 35
Alert Entries: 2
Encrypted/Decrypted Entries: 4
Unknown entries 0
Entries ignored: 0
Attack Types: 0
Unique Attack URLs: 0

SOURCE ADDRESS                     DESTINATION ADDRESS                SERVICE          COUNT  RULE
--------------------------------------------------------------------------------------------------
134.251.64.243                     webfoogen1.foo.com                 tcp(smtp)            2  1
192.1.1.13                         corelinkmain01.foo.com             tcp(telnet)          4  1
192.1.1.13                         webwebmain01.foo.com               icmp(0/0)            1  1
apollo.foo.com                     corelinkmain01.foo.com             icmp(0/0)            1  1
apollo.foo.com                     webfoogen1.foo.com                 icmp(0/0)            1  1
corelinkmain01.foo.com             ns4.foo.com                        udp(ntp-udp)        14  3
corelinkmain01.foo.com             ns4.foo.net.nz                     udp(ntp-udp)         3  2
corelinkmain01.foo.com             devel.lab.foo.com                  icmp(3/1)            1  2
corelinkmain01.foo.com             ns4.foo.com                        udp(ntp-udp)      9167  2
corelinkmain01.foo.com             apollo.foo.com                     icmp(8/0)            1  2
corelinkmain01.foo.com             ns4.foo.net.nz                     udp(ntp-udp)         1  2
corelinkmain01.foo.com             apollo.foo.com                     tcp(TACACSplus)      8  2
corelinkmain01.foo.com             apollo.foo.com                     tcp(TACACSplus)      3  3
corelinkmain01.foo.com             rtnw.foo.com                       udp(snmp-trap)      12  2
corelinkmain01.foo.com.au          ns4.foo.net.au                     udp(ntp-udp)         1  2
devel.lab.foo.com                  webfoogen1.foo.com                 tcp(pop-3)           1  1
devel.lab.foo.com                  webfoogen1.foo.com                 tcp(ftp)             9  1
devel.lab.foo.com                  fwfoomain01.foo.com                tcp(ftp)             2  3
devel.lab.foo.com                  192.1.1.8                          tcp(telnet)          1  1
devel.lab.foo.com                  fwfoomain01.foo.com                tcp(telnet)          1  3
devel.lab.foo.com                  webfoogen1.foo.com                 icmp(8/0)            1  1
devel.lab.foo.com                  webfoogen1.foo.com                 tcp(telnet)        115  1
dhcp-100-101-160-062.dhcp.foo.com  corelinkmain01.foo.com             tcp(telnet)          9  1
dhcp-100-101-162-201.dhcp.foo.com  webwebmain01.foo.com               icmp(8/0)            4  1
dhcp-100-101-162-201.dhcp.foo.com  webwebmain01.foo.com               tcp(ftp)             3  1
dhcp-100-101-166-057.dhcp.foo.com  fwfoomain01-2                      tcp(telnet)          1  1
dhcp-100-101-166-059.dhcp.foo.com  fwfoomain01-2                      tcp(telnet)          2  1
dhcp-100-101-167-223.dhcp.foo.com  fwmain01.foo.com                   tcp(http)            2  1
dhcp-100-101-167-223.dhcp.foo.com  fwmain01.foo.com                   tcp(http)           27  1
dhcp-100-101-167-223.dhcp.foo.com  fwmain01.foo.com                   tcp(http)            2  1
dhcp-100-101-167-233.dhcp.foo.com  fwfoomain01.foo.com                tcp(telnet)         12  3
dhcp-100-101-167-233.dhcp.foo.com  fwfoomain01-2                      icmp(8/0)            1  1
fwfoomain01-2                      fwrtrmain01.foo.com                icmp(8/0)            1  1
fwfoomain01-2                      gwt.lab.foo.com                    icmp(0/0)            1  2
fwfoomain01-2                      dhcp-100-101-167-233.dhcp.foo.com  icmp(0/0)            1  2
fwfoomain01.foo.com                webwebmain01.foo.com               icmp(0/0)            1  1
fwfoomain01.foo.com                dhcp-100-101-167-233.dhcp.foo.com  tcp(1487)            1  3
fwfoomain01.foo.com                apollo.foo.com                     icmp(3/3)            3  3
fwmain01.foo.com                   dhcp-100-101-167-223.dhcp.foo.com  tcp(X11)             2  2
fwmain01.foo.com                   nzgtsdlc.rtr.foo.com               icmp(8/0)            1  2
fwrtrmain01.foo.com                apollo.foo.com                     tcp(TACACSplus)      8  2
fwrtrmain01.foo.com                ns4.foo.net.nz                     udp(ntp-udp)         3  2
fwrtrmain01.foo.com                ns4.foo.net                        udp(ntp-udp)         4  2
fwrtrmain01.foo.com                ns4.foo.net.nz                     udp(ntp-udp)         1  2
fwrtrmain01.foo.com                ns4.foo.com                        udp(ntp-udp)      9132  2
fwrtrmain01.foo.com                rtnw.foo.com                       udp(snmp-trap)       5  2
fwrtrmain01.foo.com                fwfoomain01-2                      icmp(0/0)            1  2
fwrtrmain01.foo.com.au             ns4.foo.net.nz.au                  udp(ntp-udp)         1  2
gwt.lab.foo.com                    fwmain01.foo.com                   tcp(telnet)          1  1
gwt.lab.foo.com                    webwebmain01.foo.com               icmp(8/0)            1  1
mlink.foo.co.uk                    ns4.foo.net.nz                     udp(ntp-udp)         1  2
mlink.foo.co.uk                    ns4.foo.net                        udp(ntp-udp)         3  2
mlink.foo.co.uk                    ns4.foo.com                        udp(ntp-udp)         2  3
ns1.foo.com                        192.1.1.20                         tcp(smtp)            1  1
ns1.foo.com                        webwebmain01.foo.com               tcp(smtp)            1  1
ns1.foo.com                        fwfoomain01.foo.com                tcp(smtp)            1  3
ns1.foo.com                        fwrtrmain01.foo.com                tcp(smtp)            1  1
ns1.foo.com                        fwmain01.foo.com                   tcp(smtp)            1  1
ns1.foo.com                        192.1.1.22                         tcp(smtp)            1  1
ns1.foo.com                        192.1.1.21                         tcp(smtp)            1  1
nzcoremain01.rtr.foo.com           fwfoomain01.foo.com                icmp(4/0)            1  3
nzgtsdlc.rtr.foo.com               fwmain01.foo.com                   icmp(0/0)            1  1
nzgtsdlc.rtr.foo.com               webwebmain01.foo.com               icmp(0/0)            1  1
test.lab.foo.com                   fwfoomain01.foo.com                tcp(smtp)            1  3
test.lab.foo.com                   corelinkmain01.foo.com             tcp(telnet)          1  1
test.lab.foo.com                   fwfoomain01-2                      tcp(smtp)            1  3
test.lab.foo.com                   fwfoomain01-2                      tcp(smtp)            1  1
webfoogen1.foo.com                 zeus.lab.foo.com                   tcp(X11)             1  2
webfoogen1.foo.com                 134.251.64.243                     tcp(ident)           2  2
webfoogen1.foo.com                 hermes.foo.com                     tcp(smtp)            2  2
webfoogen1.foo.com                 apollo.foo.com                     icmp(8/0)            1  2
webfoogen1.foo.com                 devel.lab.foo.com                  icmp(0/0)            1  2
webwebmain01.foo.com               fwfoomain01.foo.com                icmp(8/0)            1  2
webwebmain01.foo.com               192.1.1.13                         icmp(8/0)            1  2
webwebmain01.foo.com               nzgtsdlc.rtr.foo.com               icmp(8/0)            1  2
webwebmain01.foo.com               dhcp-100-101-162-201.dhcp.foo.com  icmp(0/0)            4  2
zeus.lab.foo.com                   webfoogen1.foo.com                 tcp(telnet)         35  1

SUMMARY INFORMATION

Produced by fwlogsum Version: 5.1.0
http://fwlogsum.ginini.com/