FWLOGSUM REPORT

Accepted Entries Sorted by count
Only including lines matching: "telnet"
Report generated on: Mon Jul 9 16:25:33 2007
Period for report data: 20 Oct 2001 at 17:21:03 to 26 Nov 2001 at 9:02:26
Period for matched data: 17 Nov 2001 at 14:43:02 to 26 Nov 2001 at 8:55:23
| Total entries processed | 18995 |
| Entries matched on | 182 |
| Inbound traffic | 18952 |
| Outbound traffic | 8 |
| Control Messages | 35 |
| Entries Ignored | 18468 |
| Alert Entries | 2 |
| Attack Types | 0 |
| Unique Attack URLs | 0 |
| Encrypted/Decrypted Entries | 4 |
| Unknown Entries | 0 |
| Colour Index |
| Standard Entries |
| Highlighted Entries |
| Alert Entries |
| Encrypted/Decrypted Entries |
| FW1 Host | Source Address | Destination Address | Service | Count | Rule |
| FWFOOMAIN01 | devel.lab.foo.com | webfoogen1.foo.com | tcp(telnet) | 115 | 1 |
| FWFOOMAIN01 | zeus.lab.foo.com | webfoogen1.foo.com | tcp(telnet) | 35 | 1 |
| FWFOOMAIN01 | dhcp-100-101-167-233.dhcp.foo.com | fwfoomain01.foo.com | tcp(telnet) | 12 | 3 |
| FWFOOMAIN01 | dhcp-100-101-160-062.dhcp.foo.com | corelinkmain01.foo.com | tcp(telnet) | 9 | 1 |
| FWFOOMAIN01 | 192.1.1.13 | corelinkmain01.foo.com | tcp(telnet) | 4 | 1 |
| FWFOOMAIN01 | dhcp-100-101-166-059.dhcp.foo.com | fwfoomain01-2 | tcp(telnet) | 2 | 1 |
| FWFOOMAIN01 | gwt.lab.foo.com | fwmain01.foo.com | tcp(telnet) | 1 | 1 |
| FWFOOMAIN01 | test.lab.foo.com | corelinkmain01.foo.com | tcp(telnet) | 1 | 1 |
| FWFOOMAIN01 | devel.lab.foo.com | 192.1.1.8 | tcp(telnet) | 1 | 1 |
| FWFOOMAIN01 | dhcp-100-101-166-057.dhcp.foo.com | fwfoomain01-2 | tcp(telnet) | 1 | 1 |
| FWFOOMAIN01 | devel.lab.foo.com | fwfoomain01.foo.com | tcp(telnet) | 1 | 3 |
| Firewall Server: Top 10 of 1 | |||
| FWhost | Count | Of Total | % |
| FWFOOMAIN01 | 182 | 100.00% | |
| Users/Source Addresses: Top 10 of 9 | |||
| Source | Count | Of Total | % |
| devel.lab.foo.com | 117 | 64.29% | |
| zeus.lab.foo.com | 35 | 19.23% | |
| dhcp-100-101-167-233.dhcp.foo.com | 12 | 6.59% | |
| dhcp-100-101-160-062.dhcp.foo.com | 9 | 4.95% | |
| 192.1.1.13 | 4 | 2.20% | |
| dhcp-100-101-166-059.dhcp.foo.com | 2 | 1.10% | |
| gwt.lab.foo.com | 1 | 0.55% | |
| test.lab.foo.com | 1 | 0.55% | |
| dhcp-100-101-166-057.dhcp.foo.com | 1 | 0.55% | |
| Users/Destination Addresses: Top 10 of 6 | |||
| Destination | Count | Of Total | % |
| webfoogen1.foo.com | 150 | 82.42% | |
| corelinkmain01.foo.com | 14 | 7.69% | |
| fwfoomain01.foo.com | 13 | 7.14% | |
| fwfoomain01-2 | 3 | 1.65% | |
| fwmain01.foo.com | 1 | 0.55% | |
| 192.1.1.8 | 1 | 0.55% | |
| Service Usage: Top 10 of 1 | |||
| Service | Count | Of Total | % |
| tcp(telnet) | 182 | 100.00% | |
| Rule Usage: Top 10 of 2 | |||
| Rule | Count | Of Total | % |
| Rule 1 | 169 | 92.86% | |
| Rule 3 | 13 | 7.14% | |
| Network Interface Usage: Top 10 of 1 | |||
| Networks | Count | Of Total | % |
| FWFOOMAIN01 hme0 (inbound) | 182 | 100.00% | |
| Alert Types: Top 10 of 2 | |||
| AlertType | Count | Of Total | % |
| log | 1 | 0.55% | |
| 1 | 0.55% | ||
| Source Domains: Top 10 of 2 | |||
| SrcDomain | Count | Of Total | % |
| US Commercial | 178 | 97.80% | |
| Unresolved | 4 | 2.20% | |
| Destination Domains: Top 10 of 3 | |||
| DestDomain | Count | Of Total | % |
| US Commercial | 178 | 97.80% | |
| Unknown | 3 | 1.65% | |
| Unresolved | 1 | 0.55% | |
| Daily Usage | |||
| Daily | Count | Of Total | % |
| 21Nov2001 | 36 | 19.78% | |
| 22Nov2001 | 36 | 19.78% | |
| 23Nov2001 | 26 | 14.29% | |
| 20Nov2001 | 25 | 13.74% | |
| 19Nov2001 | 17 | 9.34% | |
| 18Nov2001 | 11 | 6.04% | |
| 26Nov2001 | 11 | 6.04% | |
| 17Nov2001 | 10 | 5.49% | |
| 25Nov2001 | 10 | 5.49% | |
| Hourly Periods: Top 10 | |||
| Time | Count | Of Total | % |
| 8AM-9AM | 20 | 10.99% | |
| 4PM-5PM | 17 | 9.34% | |
| 10AM-11AM | 13 | 7.14% | |
| 6AM-7AM | 11 | 6.04% | |
| 4AM-5AM | 11 | 6.04% | |
| 6PM-7PM | 11 | 6.04% | |
| 2AM-3AM | 11 | 6.04% | |
| 8PM-9PM | 11 | 6.04% | |
| 10PM-11PM | 11 | 6.04% | |
| 0AM-1AM | 11 | 6.04% | |
Ignored 18468 entries not matching: telnet