FWLOGSUM REPORT Dropped and Rejected Entries Sorted by destination Report generated on: Sun Apr 21 22:11:03 2013 Period for report data: 20 Oct 2001 at 17:21:03 to 26 Nov 2001 at 9:02:26 Period for matched data: 17 Nov 2001 at 14:10:43 to 26 Nov 2001 at 9:01:59 Total entries processed: 18995 Entries matched on: 310 Inbound traffic: 18952 Outbound traffic: 8 Control Messages: 35 Alert Entries: 2 Encrypted/Decrypted Entries: 4 Unknown entries 0 Entries ignored: 0 Attack Types: 0 Unique Attack URLs: 0 SOURCE ADDRESS DESTINATION ADDRESS SERVICE COUNT RULE ----------------------------------------------------------------------------------------------------------------------------------- fwrtrmain01.foo.com 192.1.1.13 tcp(telnet) 1 4 corelinkmain01.foo.com 192.1.1.13 tcp(telnet) 1 4 ns1.foo.com 192.1.1.16 tcp(smtp) 1 4 ns1.foo.com 192.1.1.23 tcp(smtp) 1 4 ns1.foo.com 255.255.255.255 tcp(smtp) 1 4 corelinkmain01.foo.com apollo.foo.com tcp(TACACSplus) 44 4 webfoogen1.foo.com apollo.foo.com tcp(telnet) 1 4 fwrtrmain01.foo.com apollo.foo.com tcp(TACACSplus) 6 4 webfoogen1.foo.com apollo.foo.com tcp(login) 1 4 gwt.lab.foo.com corelinkmain01.foo.com tcp(45) 1 3 webfoogen1.foo.com devel.lab.foo.com tcp(54924) 7 4 webfoogen1.foo.com devel.lab.foo.com tcp(38530) 41 4 webfoogen1.foo.com devel.lab.foo.com tcp(38567) 42 4 webfoogen1.foo.com devel.lab.foo.com tcp(35338) 9 4 fwmain01.foo.com dhcp-100-101-167-223.dhcp.foo.com tcp(1167) 8 4 dhcp-100-101-167-233.dhcp.foo.com fwfoomain01-2 udp(nbname) 1 4 test.lab.foo.com fwfoomain01-2 tcp(tcpmux) 1 3 test.lab.foo.com fwfoomain01-2 tcp(smtp) 2 3 dhcp-100-101-167-233.dhcp.foo.com fwfoomain01.foo.com tcp(telnet) 1 3 gwt.lab.foo.com fwfoomain01.foo.com tcp(shell) 1 3 test.lab.foo.com fwfoomain01.foo.com tcp(tcpmux) 1 3 gwt.lab.foo.com fwfoomain01.foo.com tcp(telnet) 1 3 dhcp-100-101-167-233.dhcp.foo.com fwfoomain01.foo.com tcp(telnet) 1 3 test.lab.foo.com fwfoomain01.foo.com tcp(smtp) 2 3 gwt.lab.foo.com fwfoomain01.foo.com tcp(telnet) 4 3 test.lab.foo.com fwfoomain01.foo.com tcp(smtp) 4 3 gwt.lab.foo.com fwfoomain01.foo.com udp(33442) 1 3 gwt.lab.foo.com fwfoomain01.foo.com udp(33443) 1 3 gwt.lab.foo.com fwfoomain01.foo.com udp(33441) 1 3 dhcp-100-101-167-233.dhcp.foo.com.au fwfoomain01.foo.com.au tcp(telnet) 1 3 dhcp-100-101-167-223.dhcp.foo.com fwmain01.foo.com tcp(FW1_mgmt) 1 4 dhcp-100-101-167-233.dhcp.foo.com fwmain01.foo.com udp(177) 2 4 fwrtrmain01.foo.com ns4.foo.com udp(ntp-udp) 15 4 mlink.foo.co.uk ns4.foo.com udp(ntp-udp) 1 3 fwrtrmain01.foo.com ns4.foo.com udp(ntp-udp) 3 3 fwrtrmain01.foo.com ns4.foo.com udp(ntp-udp) 5 3 mlink.foo.co.uk ns4.foo.com udp(ntp-udp) 4 3 mlink.foo.co.uk ns4.foo.com udp(ntp-udp) 2 3 mlink.foo.co.uk ns4.foo.com udp(ntp-udp) 2 3 fwrtrmain01.foo.com ns4.foo.com udp(ntp-udp) 2 3 mlink.foo.co.uk ns4.foo.net udp(ntp-udp) 2 3 fwrtrmain01.foo.com ns4.foo.net udp(ntp-udp) 1 3 fwmain01.foo.com rtnw.foo.com tcp(telnet) 1 4 fwrtrmain01.foo.com rtnw.foo.com tcp(telnet) 1 4 corelinkmain01.foo.com rtnw.foo.com tcp(telnet) 1 4 192.1.28.252 webfoogen1.foo.com tcp(login) 1 4 devel.lab.foo.com webfoogen1.foo.com tcp(login) 2 4 dhcp-100-101-162-201.dhcp.foo.com webwebmain01.foo.com tcp(nbsession) 13 4 dhcp-100-101-162-201.dhcp.foo.com webwebmain01.foo.com tcp(sunrpc) 30 4 webfoogen1.foo.com zeus.lab.foo.com tcp(1573) 33 4 SUMMARY INFORMATION Produced by fwlogsum Version: 5.1.0 http://fwlogsum.ginini.com/