FWLOGSUM REPORT
Dropped and Rejected Entries Sorted by destination

Report generated on: Mon Jul 9 16:25:47 2007
Period for report data: 20 Oct 2001 at 17:21:03 to 26 Nov 2001 at 9:02:26
Period for matched data: 17 Nov 2001 at 14:10:43 to 26 Nov 2001 at 9:01:59

Total entries processed: 18995
Entries matched on: 310
Inbound traffic: 18952
Outbound traffic: 8
Control Messages: 35
Alert Entries: 2
Encrypted/Decrypted Entries: 4
Unknown entries 0
Entries ignored: 0
Attack Types: 0
Unique Attack URLs: 0

FW-1 HOST    SOURCE ADDRESS                        DESTINATION ADDRESS                SERVICE          COUNT  RULE
------------------------------------------------------------------------------------------------------------------
FWFOOMAIN01  fwrtrmain01.foo.com                   192.1.1.13                         tcp(telnet)          1     4
FWFOOMAIN01  corelinkmain01.foo.com                192.1.1.13                         tcp(telnet)          1     4
FWFOOMAIN01  ns1.foo.com                           192.1.1.16                         tcp(smtp)            1     4
FWFOOMAIN01  ns1.foo.com                           192.1.1.23                         tcp(smtp)            1     4
FWFOOMAIN01  ns1.foo.com                           255.255.255.255                    tcp(smtp)            1     4
FWFOOMAIN01  corelinkmain01.foo.com                apollo.foo.com                     tcp(TACACSplus)     44     4
FWFOOMAIN01  webfoogen1.foo.com                    apollo.foo.com                     tcp(telnet)          1     4
FWFOOMAIN01  fwrtrmain01.foo.com                   apollo.foo.com                     tcp(TACACSplus)      6     4
FWFOOMAIN01  webfoogen1.foo.com                    apollo.foo.com                     tcp(login)           1     4
FWFOOMAIN01  gwt.lab.foo.com                       corelinkmain01.foo.com             tcp(45)              1     3
FWFOOMAIN01  webfoogen1.foo.com                    devel.lab.foo.com                  tcp(54924)           7     4
FWFOOMAIN01  webfoogen1.foo.com                    devel.lab.foo.com                  tcp(38530)          41     4
FWFOOMAIN01  webfoogen1.foo.com                    devel.lab.foo.com                  tcp(38567)          42     4
FWFOOMAIN01  webfoogen1.foo.com                    devel.lab.foo.com                  tcp(35338)           9     4
FWFOOMAIN01  fwmain01.foo.com                      dhcp-100-101-167-223.dhcp.foo.com  tcp(1167)            8     4
FWFOOMAIN01  dhcp-100-101-167-233.dhcp.foo.com     fwfoomain01-2                      udp(nbname)          1     4
INTERNETGW   test.lab.foo.com                      fwfoomain01-2                      tcp(tcpmux)          1     3
FWFOOMAIN01  test.lab.foo.com                      fwfoomain01-2                      tcp(smtp)            2     3
FWFOOMAIN01  dhcp-100-101-167-233.dhcp.foo.com     fwfoomain01.foo.com                tcp(telnet)          1     3
FWFOOGW02    gwt.lab.foo.com                       fwfoomain01.foo.com                tcp(shell)           1     3
INTERNETGW   test.lab.foo.com                      fwfoomain01.foo.com                tcp(tcpmux)          1     3
FWFOOMAIN01  gwt.lab.foo.com                       fwfoomain01.foo.com                tcp(telnet)          1     3
FWFOOGW02    dhcp-100-101-167-233.dhcp.foo.com     fwfoomain01.foo.com                tcp(telnet)          1     3
FWFOOMAIN01  test.lab.foo.com                      fwfoomain01.foo.com                tcp(smtp)            2     3
FWFOOMAIN01  gwt.lab.foo.com                       fwfoomain01.foo.com                tcp(telnet)          4     3
FWFOOMAIN01  test.lab.foo.com                      fwfoomain01.foo.com                tcp(smtp)            4     3
FWFOOMAIN01  gwt.lab.foo.com                       fwfoomain01.foo.com                udp(33442)           1     3
FWFOOMAIN01  gwt.lab.foo.com                       fwfoomain01.foo.com                udp(33443)           1     3
FWFOOMAIN01  gwt.lab.foo.com                       fwfoomain01.foo.com                udp(33441)           1     3
FWFOOGW02    dhcp-100-101-167-233.dhcp.foo.com.au  fwfoomain01.foo.com.au             tcp(telnet)          1     3
FWFOOMAIN01  dhcp-100-101-167-223.dhcp.foo.com     fwmain01.foo.com                   tcp(FW1_mgmt)        1     4
FWFOOMAIN01  dhcp-100-101-167-233.dhcp.foo.com     fwmain01.foo.com                   udp(177)             2     4
FWFOOMAIN01  fwrtrmain01.foo.com                   ns4.foo.com                        udp(ntp-udp)        15     4
INTERNETGW   mlink.foo.co.uk                       ns4.foo.com                        udp(ntp-udp)         1     3
FWFOOMAIN01  fwrtrmain01.foo.com                   ns4.foo.com                        udp(ntp-udp)         3     3
FWFOOMAIN01  fwrtrmain01.foo.com                   ns4.foo.com                        udp(ntp-udp)         5     3
FWFOOMAIN01  mlink.foo.co.uk                       ns4.foo.com                        udp(ntp-udp)         4     3
FWFOOMAIN01  mlink.foo.co.uk                       ns4.foo.com                        udp(ntp-udp)         2     3
FWFOOGW02    mlink.foo.co.uk                       ns4.foo.com                        udp(ntp-udp)         2     3
FWFOOGW02    fwrtrmain01.foo.com                   ns4.foo.com                        udp(ntp-udp)         2     3
FWFOOMAIN01  mlink.foo.co.uk                       ns4.foo.net                        udp(ntp-udp)         2     3
FWFOOMAIN01  fwrtrmain01.foo.com                   ns4.foo.net                        udp(ntp-udp)         1     3
FWFOOMAIN01  fwmain01.foo.com                      rtnw.foo.com                       tcp(telnet)          1     4
FWFOOMAIN01  fwrtrmain01.foo.com                   rtnw.foo.com                       tcp(telnet)          1     4
FWFOOMAIN01  corelinkmain01.foo.com                rtnw.foo.com                       tcp(telnet)          1     4
FWFOOMAIN01  192.1.28.252                          webfoogen1.foo.com                 tcp(login)           1     4
FWFOOMAIN01  devel.lab.foo.com                     webfoogen1.foo.com                 tcp(login)           2     4
FWFOOMAIN01  dhcp-100-101-162-201.dhcp.foo.com     webwebmain01.foo.com               tcp(nbsession)      13     4
FWFOOMAIN01  dhcp-100-101-162-201.dhcp.foo.com     webwebmain01.foo.com               tcp(sunrpc)         30     4
FWFOOMAIN01  webfoogen1.foo.com                    zeus.lab.foo.com                   tcp(1573)           33     4

SUMMARY INFORMATION

Firewall Server: Top 10 of 3
=======================================================
FWFOOMAIN01                               300    96.77%
FWFOOGW02                                   7     2.26%
INTERNETGW                                  3     0.97%

Users/Source Addresses: Top 10 of 14
=======================================================
webfoogen1.foo.com                        134    43.23%
corelinkmain01.foo.com                     46    14.84%
dhcp-100-101-162-201.dhcp.foo.com          43    13.87%
fwrtrmain01.foo.com                        34    10.97%
mlink.foo.co.uk                            11     3.55%
gwt.lab.foo.com                            10     3.23%
test.lab.foo.com                           10     3.23%
fwmain01.foo.com                            9     2.90%
dhcp-100-101-167-233.dhcp.foo.com           5     1.61%
ns1.foo.com                                 3     0.97%

Users/Destination Addresses: Top 10 of 18
=======================================================
devel.lab.foo.com                          99    31.94%
apollo.foo.com                             52    16.77%
webwebmain01.foo.com                       43    13.87%
ns4.foo.com                                34    10.97%
zeus.lab.foo.com                           33    10.65%
fwfoomain01.foo.com                        18     5.81%
dhcp-100-101-167-223.dhcp.foo.com           8     2.58%
fwfoomain01-2                               4     1.29%
fwmain01.foo.com                            3     0.97%
rtnw.foo.com                                3     0.97%

Service Usage: Top 10 of 22
=======================================================
tcp(TACACSplus)                            50    16.13%
tcp(38567)                                 42    13.55%
tcp(38530)                                 41    13.23%
udp(ntp-udp)                               37    11.94%
tcp(1573)                                  33    10.65%
tcp(sunrpc)                                30     9.68%
tcp(telnet)                                14     4.52%
tcp(nbsession)                             13     4.19%
tcp(smtp)                                  11     3.55%
tcp(35338)                                  9     2.90%

Rule Usage: Top 10 of 2
=======================================================
Rule 4                                    265    85.48%
Rule 3                                     45    14.52%

Network Interface Usage: Top 10 of 6
=======================================================
FWFOOMAIN01 hme1 (inbound)                229    73.87%
FWFOOMAIN01 hme0 (inbound)                 71    22.90%
FWFOOGW02 hme1 (inbound)                    4     1.29%
FWFOOGW02 hme0 (inbound)                    3     0.97%
Internet Gateway (inbound)                  2     0.65%
Web Services Network (inbound)              1     0.32%

Alert Types: Top 10 of 2
=======================================================
log                                         1     0.32%
mail                                        1     0.32%

Source Domains: Top 10 of 4
=======================================================
US Commercial                             297    95.81%
United Kingdom                             11     3.55%
Australia                                   1     0.32%
Unresolved                                  1     0.32%

Destination Domains: Top 10 of 5
=======================================================
US Commercial                             297    95.81%
Unresolved                                  5     1.61%
Unknown                                     4     1.29%
Network                                     3     0.97%
Australia                                   1     0.32%

Daily Usage
=======================================================
23Nov2001                                  64    20.65%
22Nov2001                                  61    19.68%
17Nov2001                                  60    19.35%
21Nov2001                                  36    11.61%
20Nov2001                                  34    10.97%
26Nov2001                                  18     5.81%
19Nov2001                                  13     4.19%
25Nov2001                                  13     4.19%
18Nov2001                                  11     3.55%

Hourly Periods: Top 10
=======================================================
2PM-3PM                                    66    21.29%
11AM-12AM                                  38    12.26%
7PM-8PM                                    28     9.03%
1PM-2PM                                    20     6.45%
8AM-9AM                                    18     5.81%
10AM-11AM                                  16     5.16%
6AM-7AM                                    11     3.55%
4AM-5AM                                    11     3.55%
6PM-7PM                                    11     3.55%
2AM-3AM                                    11     3.55%

Produced by fwlogsum Version: 5.0.3 http://www.ginini.com/software/fwlogsum/