Altair Technologies Ltd. - Firegen report generated on 11/15/2011 7:54:05 PM

FireGen Report
Log profile: Log profile Cisco IOS
Analyzed log(s): F:\Logs\AdTran\Syslog-2008-01-07.log (10.00 MB)
Firewall type: AdTran
Analysis interval: All entries in the specified log
Firewalls
No | Firewall | Connections | Traffic (MB) | Denials | Warnings | URLs
1 | FIREWALL_TO | 407 | 04.22 | 37 | 00 | 00
Message types
NoCodeMessage sampleCount
21rule=22 proto=telnet src=192.168.1.93 dst=192.168.1.50 msg="Zero bytes transferred for connection Src 3846 Dst 23 from private policy-class" agent=AdFirewall41
36rule=23 proto=256/icmp src=192.168.1.93 dst=192.168.5.15 msg="Connection timed out.Bytes transferred : 12 from private policy-class" agent=AdFirewall876
Firewall: FIREWALL_TO

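FIREWALL_TO - Traffic and denials per hour
Hour | Traffic (MB) | % | Connections | % | Denials | %
00-01 | 00.00 | 0.00 | 01 | 0.23 | 01 | 2.70 !!!
01-02 | 00.00 | 0.00 | 01 | 0.23 | 01 | 2.70 !!!
02-03 | 00.00 | 0.00 | 01 | 0.23 | 01 | 2.70 !!!
03-04 | 00.00 | 0.00 | 01 | 0.23 | 01 | 2.70 !!!
04-05 | 00.00 | 0.00 | 01 | 0.23 | 01 | 2.70 !!!
05-06 | 00.00 | 0.00 | 01 | 0.23 | 01 | 2.70 !!!
06-07 | 00.00 | 0.00 | 00 | 0.00 | 00 | 0.00
07-08 | 00.00 | 0.00 | 03 | 0.68 | 03 | 8.11 !!!
08-09 | 00.00 | 0.00 | 01 | 0.23 | 01 | 2.70 !!!
09-10 | 00.00 | 0.00 | 01 | 0.23 | 01 | 2.70 !!!
10-11 | 00.00 | 0.00 | 01 | 0.23 | 01 | 2.70 !!!
11-12 | 00.00 | 15.49 | 28 | 6.31 | 05 | 13.51
12-13 | 00.00 | 10.82 | 86 | 19.37 | 03 | 8.11
13-14 | 00.00 | 15.63 | 60 | 13.51 | 03 | 8.11
14-15 | 00.00 | 10.56 | 38 | 8.56 | 02 | 5.41
15-16 | 00.00 | 10.80 | 38 | 8.56 | 00 | 0.00
16-17 | 00.00 | 1.23 | 39 | 8.78 | 02 | 5.41
17-18 | 00.00 | 9.22 | 36 | 8.11 | 01 | 2.70
18-19 | 00.00 | 15.58 | 44 | 9.91 | 05 | 13.51
19-20 | 00.00 | 3.78 | 36 | 8.11 | 01 | 2.70
20-21 | 00.00 | 6.89 | 25 | 5.63 | 01 | 2.70
21-22 | 00.00 | 0.00 | 01 | 0.23 | 01 | 2.70 !!!
22-23 | 00.00 | 0.00 | 00 | 0.00 | 00 | 0.00
23-24 | 00.00 | 0.00 | 01 | 0.23 | 01 | 2.70 !!!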
FIREWALL_TO - Interfaces
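No | Interfaces | Connections | MB | % | Denials | Warnings
1 | ppp to If | 18 | 00.02 | 00.42 | 14 | 00
2 | private to If | 388 | 04.20 | 99.56 | 18 | 00
3 | SELF to If | 01 | 00.00 | 00.02 | 03 | 00
4 | comcast to If | 00 | 00.00 | 00.00 | 02 | 00
Total | | 407 | 04.22 | | 37 | 00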
Firewall: FIREWALL_TO - Interfaces: ppp to If
Top 10 sources
NoSourceBytes%Comment
1192.168.100.589,27150.08 
2192.168.100.613,48418.82 
3190.49.45.1541,1336.12 
465-125-49-210.dia.static.qwest.net (65.125.49.210)1,0765.81 
5201.216.9.2547754.19 
6pool-71-168-108-241.cncdnh.fast02.myfairpoint.net (71.168.108.241)5773.12 
7202.57.163.1925603.03 
8200.31.173.295322.87 
9200.188.209.84.dedicated.neoviatelecom.com.br (200.188.209.84)5102.75 
10adsl-84-227-86-131.adslplus.ch (84.227.86.131)3221.74 



Top 10 destinations
NoDestinationBytes%Comment
1192.168.1.1108,39245.333 denials recorded on 1/7/2008 9:56:48 AM
2192.168.1.874,55524.61 
3mail.bucksfirstfcu.com (65.115.231.163)4,40923.82360 denials recorded on 10/28/2011 3:37:55 AM
465.119.198.1661,0765.813 denials recorded on 1/7/2008 2:43:17 AM
5192.168.1.93800.43 



Top 10 sources, protocols and bytes
NoSourceProtocolConnectionsBytes%Comment
1192.168.100.58TCP/4479018,00843.26 
2192.168.100.61TCP/1025 - agobot-worm022,64014.26 
3190.49.45.154SMTP011,1336.12 
465-125-49-210.dia.static.qwest.net (65.125.49.210)UDP/500 - ipsec011,0765.81 
5192.168.100.58UDP/53 - dns021,0715.79 
6201.216.9.254SMTP017754.19 
7pool-71-168-108-241.cncdnh.fast02.myfairpoint.net (71.168.108.241)SMTP015773.12 
8202.57.163.192SMTP015603.03 
9200.31.173.29SMTP015322.87 
10200.188.209.84.dedicated.neoviatelecom.com.br (200.188.209.84)SMTP015102.75 

Top 10 sources, destinations, protocols and bytes
NoSourceDestinationProtocolConnectionsBytes%Comment
1192.168.100.58192.168.1.110TCP/4479018,00843.263 denials recorded on 1/7/2008 9:56:48 AM
2192.168.100.61192.168.1.87TCP/1025 - agobot-worm022,64014.26 
3190.49.45.154mail.bucksfirstfcu.com (65.115.231.163)SMTP011,1336.12360 denials recorded on 10/28/2011 3:37:55 AM
465-125-49-210.dia.static.qwest.net (65.125.49.210)65.119.198.166UDP/500 - ipsec011,0765.813 denials recorded on 1/7/2008 2:43:17 AM
5192.168.100.58192.168.1.87UDP/53 - dns021,0715.79 
6201.216.9.254mail.bucksfirstfcu.com (65.115.231.163)SMTP017754.19 
7pool-71-168-108-241.cncdnh.fast02.myfairpoint.net (71.168.108.241)mail.bucksfirstfcu.com (65.115.231.163)SMTP015773.12 
8202.57.163.192mail.bucksfirstfcu.com (65.115.231.163)SMTP015603.03 
9200.31.173.29mail.bucksfirstfcu.com (65.115.231.163)SMTP015322.87 
10200.188.209.84.dedicated.neoviatelecom.com.br (200.188.209.84)mail.bucksfirstfcu.com (65.115.231.163)SMTP015102.75 

Top 10 protocols
NoProtocolConnectionsBytes%Comment
1TCP/4479018,00843.26 
2SMTP074,40923.82 
3TCP/1025 - agobot-worm022,64014.26 
4UDP/500 - ipsec011,0765.81 
5UDP/53 - dns021,0715.79 
6TCP/135 - ms rpc038244.45 
7LDAP014042.18 
8TCP/517701800.43 



Top 10 denied sources
NoSourceConnectionsFirst denial%Comment
180-239-229-195.customer.teliacarrier.com (80.239.229.195)021/7/2008 6:14:49 PM14.292 denials recorded on 1/7/2008 6:14:49 PM
2testmq.myinterlend.com (151.196.64.41)011/6/2008 9:59:48 PM07.141 denials recorded on 1/6/2008 9:59:48 PM
3host81-148-90-144.in-addr.btopenworld.com (81.148.90.144)011/7/2008 12:00:45 AM07.141 denials recorded on 1/7/2008 12:00:45 AM
4smtp0.ctinetworks.com (205.166.61.207)011/7/2008 8:39:39 AM07.14 
5207.138.125.248011/7/2008 11:48:28 AM07.14 
6216.218.219.41011/7/2008 11:48:32 AM07.14 
7mail.homecu.net (199.184.207.89)011/7/2008 12:46:32 PM07.14360 denials recorded on 10/28/2011 3:37:55 AM
8w197.z065107215.bos-ma.dsl.cnc.net (65.107.215.197)011/7/2008 1:13:50 PM07.14 
9209.170.118.42011/7/2008 1:17:30 PM07.14 
1065.113.110.149011/7/2008 2:27:01 PM07.14 

Top 10 destinations for denied connections
NoDestinationConnectionsFirst denial%Comment
165.119.198.166081/6/2008 9:59:48 PM57.143 denials recorded on 1/7/2008 2:43:17 AM
2mail.bucksfirstfcu.com (65.115.231.163)051/7/2008 12:00:45 AM35.71360 denials recorded on 10/28/2011 3:37:55 AM
365-115-231-162.dia.static.qwest.net (65.115.231.162)011/7/2008 1:13:50 PM07.14 

Top 10 denied protocols
NoDenied protocolConnectionsFirst denial%Comment
1ICMP/8 - ping051/7/2008 11:48:28 AM35.71 
2SMTP031/7/2008 12:00:45 AM21.43 
3TCP/4751011/6/2008 9:59:48 PM07.14 
4TCP/135 - ms rpc011/7/2008 1:13:50 PM07.14 
5TCP/2565011/7/2008 1:17:30 PM07.14 
6TCP/1433 - ms sql011/7/2008 2:27:01 PM07.14 
7UDP/1026 - blaster-worm011/7/2008 4:23:44 PM07.14 
8UDP/54305011/7/2008 6:14:25 PM07.14 



Top 10 denial reasons
NoDenial reasonConnectionsFirst denial%Comment
1No Access Policy matched091/7/2008 11:48:28 AM64.29 
2TCP connection request received is invalid (expected SYN, got ACK)021/6/2008 9:59:48 PM14.29 
3Invalid sequence number received with RST021/7/2008 8:39:39 AM14.29 
4TCP connection request received is invalid (expecting SYN only)011/7/2008 1:17:30 PM07.14 



Top 10 denied sources, destinations, protocols and reasons
NoSourceDestinationProtocolReasonConnectionsFirst denial%Comment
180-239-229-195.customer.teliacarrier.com (80.239.229.195)65.119.198.166ICMP/8 - pingNo Access Policy matched021/7/2008 6:14:49 PM14.292 denials recorded on 1/7/2008 6:14:49 PM
2 denials recorded on 1/7/2008 6:14:49 PM
3 denials recorded on 1/7/2008 2:43:17 AM
2testmq.myinterlend.com (151.196.64.41)65.119.198.166TCP/4751TCP connection request received is invalid (expected SYN, got ACK)011/6/2008 9:59:48 PM7.141 denials recorded on 1/6/2008 9:59:48 PM
3host81-148-90-144.in-addr.btopenworld.com (81.148.90.144)mail.bucksfirstfcu.com (65.115.231.163)SMTPTCP connection request received is invalid (expected SYN, got ACK)011/7/2008 12:00:45 AM7.14360 denials recorded on 10/28/2011 3:37:55 AM
360 denials recorded on 10/28/2011 3:37:55 AM
1 denials recorded on 1/7/2008 12:00:45 AM
4smtp0.ctinetworks.com (205.166.61.207)mail.bucksfirstfcu.com (65.115.231.163)SMTPInvalid sequence number received with RST011/7/2008 8:39:39 AM7.14 
5207.138.125.24865.119.198.166ICMP/8 - pingNo Access Policy matched011/7/2008 11:48:28 AM7.14 
6216.218.219.4165.119.198.166ICMP/8 - pingNo Access Policy matched011/7/2008 11:48:32 AM7.14 
7mail.homecu.net (199.184.207.89)mail.bucksfirstfcu.com (65.115.231.163)SMTPInvalid sequence number received with RST011/7/2008 12:46:32 PM7.14 
8w197.z065107215.bos-ma.dsl.cnc.net (65.107.215.197)65-115-231-162.dia.static.qwest.net (65.115.231.162)TCP/135 - ms rpcNo Access Policy matched011/7/2008 1:13:50 PM7.14 
9209.170.118.4265.119.198.166TCP/2565TCP connection request received is invalid (expecting SYN only)011/7/2008 1:17:30 PM7.14 
1065.113.110.149mail.bucksfirstfcu.com (65.115.231.163)TCP/1433 - ms sqlNo Access Policy matched011/7/2008 2:27:01 PM7.14 

Top 10 denied protocols and reasons
NoProtocolReasonDenials%Comment
1ICMP/8 - pingNo Access Policy matched0535.71 
2SMTPInvalid sequence number received with RST0214.29 
3TCP/4751TCP connection request received is invalid (expected SYN, got ACK)017.14 
4SMTPTCP connection request received is invalid (expected SYN, got ACK)017.14 
5TCP/135 - ms rpcNo Access Policy matched017.14 
6TCP/2565TCP connection request received is invalid (expecting SYN only)017.14 
7TCP/1433 - ms sqlNo Access Policy matched017.14 
8UDP/1026 - blaster-wormNo Access Policy matched017.14 
9UDP/54305No Access Policy matched017.14 

Firewall: FIREWALL_TO - Interfaces: private to If
Top 10 sources
NoSourceBytes%Comment
1192.168.1.1011,402,53231.82 
2192.168.1.991,001,40222.72 
3192.168.1.96447,70210.1611 denials recorded on 1/6/2008 11:11:33 PM
4192.168.1.238408,4619.27 
5192.168.1.47284,9446.46 
6192.168.1.81248,8275.64 
7192.168.1.9173,5443.94 
8192.168.1.11162,1443.683 denials recorded on 1/7/2008 9:56:48 AM
9192.168.1.93128,8172.92 
10192.168.1.862,2301.41 



Top 10 destinations
NoDestinationBytes%Comment
1testmq.myinterlend.com (151.196.64.41)1,402,53231.821 denials recorded on 1/6/2008 9:59:48 PM
2mq.myinterlend.com (151.196.64.38)1,001,40222.72 
3216.129.105.112440,2169.99 
4216.178.38.143298,3576.77 
5209.170.118.42165,4193.75 
6204.17.42.250164,3793.73 
7209.10.160.46142,1553.22 
8209.170.118.58135,0623.06 
94a.25.364a.static.theplanet.com (74.54.37.74)99,5452.26 
10relay.verizon.net (206.46.232.11)98,5282.24 



Top 10 sources, protocols and bytes
NoSourceProtocolConnectionsBytes%Comment
1192.168.1.101HTTPS221,402,53231.82 
2192.168.1.99HTTPS101,001,40222.72 
3192.168.1.96HTTP03442,05910.0311 denials recorded on 1/6/2008 11:11:33 PM
4192.168.1.238HTTP05408,4619.27 
5192.168.1.47HTTP05284,9446.46 
6192.168.1.81HTTP09248,8275.64 
7192.168.1.9HTTP03173,5443.94 
8192.168.1.11HTTP20125,4972.853 denials recorded on 1/7/2008 9:56:48 AM
9192.168.1.93SMTP0198,5282.24 
10192.168.1.8HTTP0462,2301.41 

Top 10 sources, destinations, protocols and bytes
NoSourceDestinationProtocolConnectionsBytes%Comment
1192.168.1.101testmq.myinterlend.com (151.196.64.41)HTTPS221,402,53231.821 denials recorded on 1/6/2008 9:59:48 PM
2192.168.1.99mq.myinterlend.com (151.196.64.38)HTTPS101,001,40222.72 
3192.168.1.96216.129.105.112HTTP01440,2169.9911 denials recorded on 1/6/2008 11:11:33 PM
4192.168.1.238216.178.38.143HTTP01298,3576.77 
5192.168.1.9209.170.118.42HTTP01165,4193.75 
6192.168.1.81204.17.42.250HTTP04164,3793.73 
7192.168.1.47209.10.160.46HTTP01142,1553.22 
8192.168.1.47209.170.118.58HTTP01135,0623.06 
9192.168.1.2384a.25.364a.static.theplanet.com (74.54.37.74)HTTP0199,5452.26 
10192.168.1.93relay.verizon.net (206.46.232.11)SMTP0198,5282.24 

Top 10 protocols
NoProtocolConnectionsBytes%Comment
1HTTPS392,474,87456.14 
2HTTP551,784,13340.47 
3SMTP0399,1772.25 
4TCP/1025 - agobot-worm0520,5840.47 
5UDP/53 - dns208,4280.19 
6ICMP025,8880.13 
7TCP/50668035,4480.12 
8ICMP/2562423,7070.08 
9UDP/137 - netbios112,7460.06 
10TCP/135 - ms rpc032,6960.06 



Top 10 denied sources
NoSourceConnectionsFirst denial%Comment
1192.168.1.96111/6/2008 11:11:33 PM61.1111 denials recorded on 1/6/2008 11:11:33 PM
2192.168.1.11031/7/2008 9:56:48 AM16.673 denials recorded on 1/7/2008 9:56:48 AM
3192.168.1.17021/7/2008 5:25:20 AM11.112 denials recorded on 1/7/2008 5:25:20 AM
4192.168.1.81011/7/2008 7:50:56 AM05.56 
5192.168.1.238011/7/2008 11:49:43 AM05.56 

Top 10 destinations for denied connections
NoDestinationConnectionsFirst denial%Comment
1216.129.105.129021/7/2008 3:35:17 AM11.11 
2www.midatlanticcorp.org (12.20.249.19)021/7/2008 5:25:20 AM11.11 
359.39.202.198011/6/2008 11:11:33 PM05.56 
4mail.itsolutions.bg (77.70.13.150)011/7/2008 1:14:18 AM05.56360 denials recorded on 10/28/2011 3:37:55 AM
558.69.66.96011/7/2008 4:59:30 AM05.56 
6eforwardct.name-services.com (216.163.188.58)011/7/2008 7:00:41 AM05.56 
7204.17.42.208011/7/2008 7:50:56 AM05.56 
865.127.196.71011/7/2008 9:56:48 AM05.56 
989.149.84.235011/7/2008 10:27:01 AM05.56 
10205.203.131.55011/7/2008 11:24:12 AM05.56 

Top 10 denied protocols
NoDenied protocolConnectionsFirst denial%Comment
1HTTP071/7/2008 3:35:17 AM38.89 
2HTTPS031/7/2008 5:25:20 AM16.67 
3SMTP021/7/2008 7:00:41 AM11.11 
4TCP/24729011/6/2008 11:11:33 PM05.56 
5TCP/3935011/7/2008 1:14:18 AM05.56 
6TCP/16784011/7/2008 4:59:30 AM05.56 
7TCP/3958011/7/2008 10:27:01 AM05.56 
8TCP/2819011/7/2008 12:03:58 PM05.56 
9TCP/2774011/7/2008 1:46:18 PM05.56 



Top 10 denial reasons
NoDenial reasonConnectionsFirst denial%Comment
1TCP connection request received is invalid (expected SYN, got ACK)171/6/2008 11:11:33 PM94.44 
2Invalid sequence number received with RST011/7/2008 11:24:12 AM05.56 



Top 10 denied sources, destinations, protocols and reasons
NoSourceDestinationProtocolReasonConnectionsFirst denial%Comment
1192.168.1.96216.129.105.129HTTPTCP connection request received is invalid (expected SYN, got ACK)021/7/2008 3:35:17 AM11.1111 denials recorded on 1/6/2008 11:11:33 PM
2192.168.1.17www.midatlanticcorp.org (12.20.249.19)HTTPSTCP connection request received is invalid (expected SYN, got ACK)021/7/2008 5:25:20 AM11.112 denials recorded on 1/7/2008 5:25:20 AM
3192.168.1.9659.39.202.198TCP/24729TCP connection request received is invalid (expected SYN, got ACK)011/6/2008 11:11:33 PM5.56 
4192.168.1.96mail.itsolutions.bg (77.70.13.150)TCP/3935TCP connection request received is invalid (expected SYN, got ACK)011/7/2008 1:14:18 AM5.56360 denials recorded on 10/28/2011 3:37:55 AM
5192.168.1.9658.69.66.96TCP/16784TCP connection request received is invalid (expected SYN, got ACK)011/7/2008 4:59:30 AM5.56 
6192.168.1.96eforwardct.name-services.com (216.163.188.58)SMTPTCP connection request received is invalid (expected SYN, got ACK)011/7/2008 7:00:41 AM5.56 
7192.168.1.81204.17.42.208HTTPTCP connection request received is invalid (expected SYN, got ACK)011/7/2008 7:50:56 AM5.56 
8192.168.1.1165.127.196.71HTTPTCP connection request received is invalid (expected SYN, got ACK)011/7/2008 9:56:48 AM5.563 denials recorded on 1/7/2008 9:56:48 AM
9192.168.1.9689.149.84.235TCP/3958TCP connection request received is invalid (expected SYN, got ACK)011/7/2008 10:27:01 AM5.56 
10192.168.1.11205.203.131.55HTTPInvalid sequence number received with RST011/7/2008 11:24:12 AM5.56 

Top 10 denied protocols and reasons
NoProtocolReasonDenials%Comment
1HTTPTCP connection request received is invalid (expected SYN, got ACK)0633.33 
2HTTPSTCP connection request received is invalid (expected SYN, got ACK)0316.67 
3SMTPTCP connection request received is invalid (expected SYN, got ACK)0211.11 
4TCP/24729TCP connection request received is invalid (expected SYN, got ACK)015.56 
5TCP/3935TCP connection request received is invalid (expected SYN, got ACK)015.56 
6TCP/16784TCP connection request received is invalid (expected SYN, got ACK)015.56 
7TCP/3958TCP connection request received is invalid (expected SYN, got ACK)015.56 
8HTTPInvalid sequence number received with RST015.56 
9TCP/2819TCP connection request received is invalid (expected SYN, got ACK)015.56 
10TCP/2774TCP connection request received is invalid (expected SYN, got ACK)015.56 

Firewall: FIREWALL_TO - Interfaces: SELF to If
Top 10 sources
NoSourceBytes%Comment
165.119.198.166924100.003 denials recorded on 1/7/2008 2:43:17 AM

Top 10 destinations
NoDestinationBytes%Comment
1216.189.255.12924100.00 

Top 10 sources, protocols and bytes
NoSourceProtocolConnectionsBytes%Comment
165.119.198.166UDP/500 - ipsec01924100.003 denials recorded on 1/7/2008 2:43:17 AM

Top 10 sources, destinations, protocols and bytes
NoSourceDestinationProtocolConnectionsBytes%Comment
165.119.198.166216.189.255.12UDP/500 - ipsec01924100.003 denials recorded on 1/7/2008 2:43:17 AM

Top 10 protocols
NoProtocolConnectionsBytes%Comment
1UDP/500 - ipsec01924100.00 

Top 10 denied sources
NoSourceConnectionsFirst denial%Comment
165.119.198.166031/7/2008 2:43:17 AM100.003 denials recorded on 1/7/2008 2:43:17 AM

Top 10 destinations for denied connections
NoDestinationConnectionsFirst denial%Comment
1c-76-108-54-130.hsd1.fl.comcast.net (76.108.54.130)011/7/2008 2:43:17 AM33.33 
2chello062178002193.1.11.vie.surfer.at (62.178.2.193)011/7/2008 4:19:42 PM33.33 
3static-66-12-230-242.bdsl.verizon.net (66.12.230.242)011/7/2008 7:23:51 PM33.33 

Top 10 denied protocols
NoDenied protocolConnectionsFirst denial%Comment
1ICMP031/7/2008 2:43:17 AM100.00 

Top 10 denial reasons
NoDenial reasonConnectionsFirst denial%Comment
1ICMP Type: 0 Code: 0 Echo response for uninitiated echo request(Possible Smurf Attack)031/7/2008 2:43:17 AM100.00 

Top 10 denied sources, destinations, protocols and reasons
NoSourceDestinationProtocolReasonConnectionsFirst denial%Comment
165.119.198.166c-76-108-54-130.hsd1.fl.comcast.net (76.108.54.130)ICMPICMP Type: 0 Code: 0 Echo response for uninitiated echo request(Possible Smurf Attack)011/7/2008 2:43:17 AM33.333 denials recorded on 1/7/2008 2:43:17 AM
265.119.198.166chello062178002193.1.11.vie.surfer.at (62.178.2.193)ICMPICMP Type: 0 Code: 0 Echo response for uninitiated echo request(Possible Smurf Attack)011/7/2008 4:19:42 PM33.33 
365.119.198.166static-66-12-230-242.bdsl.verizon.net (66.12.230.242)ICMPICMP Type: 0 Code: 0 Echo response for uninitiated echo request(Possible Smurf Attack)011/7/2008 7:23:51 PM33.33 

Top 10 denied protocols and reasons
NoProtocolReasonDenials%Comment
1ICMPICMP Type: 0 Code: 0 Echo response for uninitiated echo request(Possible Smurf Attack)03100.00 

Firewall: FIREWALL_TO - Interfaces: comcast to If
Top 10 denied sources
NoSourceConnectionsFirst denial%Comment
1222.161.2.24011/7/2008 11:51:55 AM50.001 denials recorded on 1/7/2008 11:51:55 AM
2122-124-161-149.dynamic.hinet.net (122.124.161.149)011/7/2008 8:07:50 PM50.001 denials recorded on 1/7/2008 8:07:50 PM

Top 10 destinations for denied connections
NoDestinationConnectionsFirst denial%Comment
174-94-9-125-philadelphia-panjde.hfc.comcastbusiness.net (74.94.9.125)021/7/2008 11:51:55 AM100.00 

Top 10 denied protocols
NoDenied protocolConnectionsFirst denial%Comment
1UDP/1027 - blaster-worm011/7/2008 11:51:55 AM50.00 
2SMTP011/7/2008 8:07:50 PM50.00 



Top 10 denial reasons
NoDenial reasonConnectionsFirst denial%Comment
1No Access Policy matched021/7/2008 11:51:55 AM100.00 

Top 10 denied sources, destinations, protocols and reasons
NoSourceDestinationProtocolReasonConnectionsFirst denial%Comment
1222.161.2.2474-94-9-125-philadelphia-panjde.hfc.comcastbusiness.net (74.94.9.125)UDP/1027 - blaster-wormNo Access Policy matched011/7/2008 11:51:55 AM50.001 denials recorded on 1/7/2008 11:51:55 AM
2122-124-161-149.dynamic.hinet.net (122.124.161.149)74-94-9-125-philadelphia-panjde.hfc.comcastbusiness.net (74.94.9.125)SMTPNo Access Policy matched011/7/2008 8:07:50 PM50.001 denials recorded on 1/7/2008 8:07:50 PM

Top 10 denied protocols and reasons
NoProtocolReasonDenials%Comment
1UDP/1027 - blaster-wormNo Access Policy matched0150.00 
2SMTPNo Access Policy matched0150.00 

Other messages
NoCodeMessage sampleCountComment
16proto=esp src=65.119.198.166 dst=65.125.49.210 vpn=9-2 type=1 msg="Outbound SA Life Time Expired - SPI 0x4bda0f12, Remote ID 65.125.49.210" agent=iSecure 1.0363 denials recorded on 1/7/2008 2:43:17 AM
To assist us in improving the analyzer, please send the messages above to support@firegen.com and they will be added to the next release of Firegen.

Analysis details
Analysis start time: 11/15/2011 7:54:04 PM
Analysis duration: 0.64 minutes (38 seconds)
Analysis engine version: AdTran parser version: 0.01
    FireGen30Service.exe - FireGen scheduler service: 3.0.0.0
Filtering criteria: All entries
Excluded keywords: None
Glossary
!!!: Indicates that a high denials:connections ratio has been detected. The currently configured ratio is 3, so !!! marks an hour whose percentage of denials is more than 3 times its percentage of connections. This points to unusual denial activity that may need to be investigated. The ratio can be configured on the Report Formats interface.
Other messages: A list of messages not yet configured in the Firegen parser. Please send these messages to us (support@firegen.com) and we will add them in the next Firegen update. These messages are included in the list of message types, but they are not yet fully understood by the analyzer.