Report : Firewall_Monthly_YYMM
Transcription
Report : Firewall_Monthly_YYMM
Monthly General Firewall Statistics 10,217 33 17 12,298 119 26 6 Internal Users External Destinations Internal Servers 3 Blocked: Events 1,296 96 4 Accepted: 113,257 Next Network Forensics - Monthly Filtering by Day Traffic - Traffic Activity Trends Based on The Number of IP Addresses External Visitors October, 2004 Previous 100000 90000 80000 70000 60000 50000 40000 30000 20000 10000 0 Blocked Accepted 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 Day of the Month 2 Blocked: 27,207 1 Accepted: 69,822 3 Services - Number of Different Services 4 5 Accepted Inbound 1 2 6 5 Blocked: 6 Accepted: 149,754 Outbound 3,632 107 Internal 7,939 78 5 1,808 Services - Top 5 Accepted Services by Hits Network Forensics - Most Active Internal User and External Visitor Source Action Total Hits LAN DataSet 192.168.0.201 D7 Accepted 227,602 LAN DataSet 192.168.0.201 D7 Blocked 121,699 External 213.41.140.159 monchel.net1.nerim.NET Accepted External 81.251.213.44 Blocked AMontpellier-251-1-41-44.w81-251.abo.wanadoo. System Web Report printed on Friday November 12, 2004 at 11:53 5 Error (External ->External) 422,795 Blocked 26,281 1,733 Other Mail 4 195,920 56,245 8 5,836 File Sharing Total: 69,822 38,902 234,824 107,361 6,505 168,968 43,354 39,912 83,273 39,942 593 46,371 27,816 36 27,852 422,795 113,257 604,448 © NetReport www.net-report.net MB 3,008 4,228 Page 1/46 Graph of Events by Day of the Month October 2004 Traffic - Accepted Traffic Accepted Internal Accepted 90000 80000 70000 Hits 60000 Outbound Accepted 50000 40000 30000 20000 10000 Inbound Accepted 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 Day of the Month Traffic - Blocked Traffic Blocked Internal Blocked 20000 18000 16000 Hits 14000 12000 Outbound Blocked 10000 8000 6000 4000 2000 Inbound Blocked 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 Day of the Month Report printed on Friday November 12, 2004 at 11:53 © NetReport www.net-report.net Page 2/46 October 2004 Graph of Events by Day of the Month Inbound Date Friday, October 1 Saturday, October 2 Sunday, October 3 Monday, October 4 Tuesday, October 5 Wednesday, October 6 Thursday, October 7 Friday, October 8 Saturday, October 9 Sunday, October 10 Monday, October 11 Tuesday, October 12 Wednesday, October 13 Thursday, October 14 Friday, October 15 Total for October 2004 Outbound Internal Total Accepted Blocked Accepted Blocked Accepted Blocked Accepted Blocked Total 5,674 2,713 2,837 6,788 5,370 3,935 174 8,043 5,775 3,809 8,790 4,228 5,719 2,471 3,496 69,822 3,066 3,019 4,333 3,604 1,248 1,356 156 1,998 2,349 2,822 702 929 1,363 207 55 27,207 49,073 27,838 22,384 41,246 35,473 33,635 2,379 45,149 25,420 9,078 44,622 56,980 13,706 5,199 10,613 422,795 13,727 13,769 15,418 13,376 10,320 9,518 981 12,406 12,821 13,182 10,140 7,445 7,539 4,067 5,045 149,754 15,563 2,056 2,577 16,430 10,014 6,914 341 7,718 3,628 3,462 5,567 23,657 9,081 1,495 4,754 113,257 15 70,310 32,607 27,798 64,464 50,857 44,484 2,894 60,910 34,823 16,349 58,979 84,865 28,506 9,165 18,863 605,874 16,808 16,788 19,751 16,980 11,568 10,874 1,137 14,405 15,170 16,005 10,856 8,438 8,902 4,274 5,101 177,057 87,118 49,395 47,549 81,444 62,425 55,358 4,031 75,315 49,993 32,354 69,835 93,303 37,408 13,439 23,964 782,931 Report printed on Friday November 12, 2004 at 11:53 1 1 14 64 1 96 © NetReport www.net-report.net Page 3/46 Blocked and Accepted Traffic Figures Analyzed by Number of Hits October 2004 Type Action Inbound Outbound Internal Total Hits Total MB accept 69,822 422,795 113,257 604,448 4,228 69,822 422,795 113,257 604,448 4,228 27,202 149,745 12 149,757 5 9 84 93 Total Blocked: 27,207 149,754 96 149,850 Total for October 2004 97,029 572,549 113,353 754,298 Accepted Total Accepted: Blocked drop reject Report printed on Friday November 12, 2004 at 11:53 © NetReport www.net-report.net 4,228 Page 4/46 Top 100 Accepted Services by Source and Destination October 2004 Source Area Destination Area Service Service comment Rule Total Hits October 2004 522,786 DMZ 34,988 DMZ DMZ 61 DMZ DMZ DMZ External DMZ External 53 Domain Name Server 15 34,748 DMZ External 25 Simple Mail Transfer 15 147 DMZ External 80 World Wide Web HTTP 15 30 DMZ Firewall DMZ Firewall 53 Domain Name Server 15 61 34,925 2 18184 Report printed on Friday November 12, 2004 at 11:53 OPSEC LEA (Checkpoint) 15 2 © NetReport www.net-report.net Page 5/46 Top 100 Accepted Services by Source and Destination October 2004 Source Area Destination Area Service Service comment Rule Total Hits October 2004 522,786 External 69,822 External DMZ 62,553 External DMZ 80 World Wide Web HTTP 17 55,102 External DMZ 21 File Transfer [Control] 17 7,449 External DMZ 53 Domain Name Server 17 2 External External External External 80 World Wide Web HTTP 17 1,143 External External 21 File Transfer [Control] 17 277 External External 500 isakmp internal 3 External External 53 Domain Name Server 17 2 External External 264 BGMP internal 1 External LAN DataSet External LAN DataSet 143 External LAN DataSet 44343 1,426 5,843 Report printed on Friday November 12, 2004 at 11:53 Internet Message Access Protocol 8 5,836 18 7 © NetReport www.net-report.net Page 6/46 Top 100 Accepted Services by Source and Destination October 2004 Source Area Destination Area Service Service comment Rule Total Hits October 2004 522,786 LAN DataSet 417,976 LAN DataSet DMZ 45,379 LAN DataSet DMZ 445 Microsoft-DS 14 38,616 LAN DataSet DMZ 80 World Wide Web HTTP 13 6,471 LAN DataSet DMZ 21 File Transfer [Control] 14 66 LAN DataSet DMZ 7424 DataSet Remote Control 14 47 LAN DataSet DMZ 7427 OpenView DM Event Agent Manager 14 43 LAN DataSet DMZ 1434 Microsoft-SQL-Monitor 14 39 LAN DataSet DMZ 1433 Microsoft-SQL-Server 14 34 LAN DataSet DMZ 12343 NetReport XML Configuration Server 14 34 LAN DataSet DMZ 7425 DataSet Remote Control 14 29 LAN DataSet External LAN DataSet External 53 Domain Name Server 14 154,035 LAN DataSet External 80 World Wide Web HTTP 13 104,888 LAN DataSet External 110 Post Office Protocol - Version 3 14 38,070 LAN DataSet External 4662 edonkey 14 20,309 LAN DataSet External 4672 remote file access server 14 14,699 LAN DataSet External 4665 edonkey 14 7,109 LAN DataSet External 2234 DirectPlay 14 5,832 LAN DataSet External 67 Bootstrap Protocol Server 14 3,604 LAN DataSet External 4246 14 3,565 LAN DataSet External 68 Bootstrap Protocol Client 14 3,481 LAN DataSet External 25 Simple Mail Transfer 14 1,705 LAN DataSet External 1863 MSN Messenger 14 1,464 LAN DataSet External 443 http protocol over TLS/SSL 14 1,288 372,597 Report printed on Friday November 12, 2004 at 11:53 © NetReport www.net-report.net Page 7/46 Top 100 Accepted Services by Source and Destination October 2004 Source Area Destination Area Service Service comment Rule Total Hits October 2004 522,786 LAN DataSet 417,976 LAN DataSet External 372,597 LAN DataSet External 2409 SNS Protocol 14 887 LAN DataSet External 4661 Kar2ouche Peer location service 14 750 LAN DataSet External 3310 Dyna Access 14 606 LAN DataSet External 4650 14 588 LAN DataSet External 9888 14 517 LAN DataSet External 34300 14 355 LAN DataSet External 4646 14 348 LAN DataSet External 2491 Conclave CPP 14 305 LAN DataSet External 123 Network Time Protocol 14 302 LAN DataSet External 8084 14 300 LAN DataSet External 9959 14 295 LAN DataSet External 12769 14 292 LAN DataSet External 6569 14 292 LAN DataSet External 7658 14 291 LAN DataSet External 4577 14 288 LAN DataSet External 5682 14 285 LAN DataSet External 5672 14 274 LAN DataSet External 2327 xingcsm 14 260 LAN DataSet External 6346 gnutella-svc 14 257 LAN DataSet External 15280 14 195 LAN DataSet External 7001 14 193 LAN DataSet External 5662 14 182 LAN DataSet External 23825 14 180 LAN DataSet External 2235 14 171 Report printed on Friday November 12, 2004 at 11:53 CYBORG Systems callbacks to cache managers Sercomm-WLink © NetReport www.net-report.net Page 8/46 Top 100 Accepted Services by Source and Destination October 2004 Source Area Destination Area Service Service comment Rule Total Hits October 2004 522,786 LAN DataSet 417,976 LAN DataSet External 372,597 LAN DataSet External 50355 14 161 LAN DataSet External 64014 14 158 LAN DataSet External 28936 14 149 LAN DataSet External 24856 14 148 LAN DataSet External 43307 14 146 LAN DataSet External 8080 HTTP Alternate (see port 80) 14 142 LAN DataSet External 4663 edonkey 14 141 LAN DataSet External 4666 14 128 LAN DataSet External 5773 14 128 LAN DataSet External 27472 14 127 LAN DataSet External 4242 14 126 LAN DataSet External 5783 14 121 LAN DataSet External 4673 14 111 LAN DataSet External 4682 14 111 LAN DataSet External 39028 14 107 LAN DataSet External 1434 14 106 LAN DataSet External 779 14 106 LAN DataSet External 4664 14 104 LAN DataSet External 17646 14 103 LAN DataSet External 7329 14 102 LAN DataSet External 64000 14 101 LAN DataSet External 38390 14 99 LAN DataSet External 8892 14 99 LAN DataSet External 9709 14 99 Report printed on Friday November 12, 2004 at 11:53 Microsoft-SQL-Monitor Desktop Data UDP 4: FARM product © NetReport www.net-report.net Page 9/46 Top 100 Accepted Services by Source and Destination October 2004 Source Area Destination Area Service Service comment Rule Total Hits October 2004 522,786 LAN DataSet 417,976 LAN DataSet External 372,597 LAN DataSet External 49053 14 97 LAN DataSet External 15098 14 95 LAN DataSet External 789 14 93 LAN DataSet External 25984 14 91 LAN DataSet External 17864 14 90 LAN DataSet External 100 14 89 LAN DataSet External 4224 14 84 LAN DataSet External 60000 14 80 LAN DataSet External 56936 14 76 LAN DataSet External 52459 14 75 LAN DataSet External 6672 vision_server 14 74 LAN DataSet External 444 Simple Network Paging Protocol 14 72 LAN DataSet External 19832 14 70 LAN DataSet External 10732 14 64 LAN DataSet External 4000 14 62 Report printed on Friday November 12, 2004 at 11:53 VRML Multi User Systems ICQ © NetReport www.net-report.net Page 10/46 Top 100 Blocked Services by Source and Destination October 2004 Source Area October 2004 Destination Area Service Service comment Rule Total Hits 159 DMZ 159 DMZ External 152 DMZ External 53 DMZ External DMZ internal 6 11024 19 5 External 12442 19 5 DMZ External 30131 19 5 DMZ External 15616 19 5 DMZ External 26022 19 5 DMZ External 21508 19 5 DMZ External 19321 19 4 DMZ External 19220 19 4 DMZ External 28048 19 4 DMZ External 11134 19 4 DMZ External 4515 19 4 DMZ External 3451 19 3 DMZ External 13581 19 3 DMZ External 1838 19 3 DMZ External 52394 19 2 DMZ External 10855 19 2 DMZ External 33933 19 2 DMZ External 33932 19 2 DMZ External 33734 19 2 DMZ External 39276 19 2 DMZ External 37462 19 2 DMZ External 51202 19 2 DMZ External 63421 19 2 Report printed on Friday November 12, 2004 at 11:53 Domain Name Server ASAM Services TALNET © NetReport www.net-report.net Page 11/46 Top 100 Blocked Services by Source and Destination October 2004 Source Area October 2004 Destination Area Service Service comment Rule Total Hits 159 DMZ 159 DMZ External 152 DMZ External 63401 19 1 DMZ External 63366 19 1 DMZ External 63118 19 1 DMZ External 60891 19 1 DMZ External 57790 19 1 DMZ External 57789 19 1 DMZ External 57787 19 1 DMZ External 56709 19 1 DMZ External 54602 19 1 DMZ External 53992 19 1 DMZ External 53985 19 1 DMZ External 51174 19 1 DMZ External 50721 19 1 DMZ External 50336 19 1 DMZ External 50275 19 1 DMZ External 49136 19 1 DMZ External 49021 19 1 DMZ External 48757 19 1 DMZ External 48362 19 1 DMZ External 48358 19 1 DMZ External 45893 19 1 DMZ External 45892 19 1 DMZ External 41341 19 1 DMZ External 4054 19 1 Report printed on Friday November 12, 2004 at 11:53 © NetReport www.net-report.net Page 12/46 Top 100 Blocked Services by Source and Destination October 2004 Source Area October 2004 Destination Area Service Service comment Rule Total Hits 159 DMZ 159 DMZ External 152 DMZ External 40505 19 1 DMZ External 34253 19 1 DMZ External 33963 19 1 DMZ External 33939 19 1 DMZ External 33935 19 1 DMZ External 35955 19 1 DMZ External 35940 19 1 DMZ External 34643 19 1 DMZ External 34610 19 1 DMZ External 34609 19 1 DMZ External 34608 19 1 DMZ External 34581 19 1 DMZ External 29862 19 1 DMZ External 2848 19 1 DMZ External 14424 19 1 DMZ External 1434 19 1 DMZ External 20519 19 1 DMZ External 2049 19 1 DMZ External 19673 19 1 DMZ External 19597 19 1 DMZ External 18729 19 1 DMZ External 18702 19 1 DMZ External 18669 19 1 DMZ External 18073 19 1 Report printed on Friday November 12, 2004 at 11:53 AMT-BLC-PORT Microsoft-SQL-Monitor Network File System - Sun Microsystems © NetReport www.net-report.net Page 13/46 Top 100 Blocked Services by Source and Destination October 2004 Source Area October 2004 Destination Area Service Service comment Rule Total Hits 159 DMZ 159 DMZ External 152 DMZ External 16779 19 1 DMZ External 16769 19 1 DMZ External 12533 19 1 DMZ External 12476 19 1 DMZ External 11934 19 1 DMZ External 10863 19 1 DMZ External 10857 19 1 DMZ External 10856 19 1 DMZ External 10832 19 1 DMZ External 10444 19 1 DMZ External 10437 19 1 DMZ External 52113 19 1 DMZ External 9248 19 1 DMZ External 8874 19 1 DMZ External 8354 19 1 DMZ External 7226 19 1 DMZ External 7073 19 1 DMZ External 6905 19 1 DMZ External 6897 19 1 DMZ External 6421 19 1 DMZ External 63436 19 1 DMZ Firewall DMZ Firewall 7 34955 Report printed on Friday November 12, 2004 at 11:53 19 1 © NetReport www.net-report.net Page 14/46 Top 100 Blocked Services by Source and Destination October 2004 Source Area October 2004 Destination Area Service Service comment Rule Total Hits 159 DMZ 159 DMZ Firewall 7 DMZ Firewall 19346 19 1 DMZ Firewall 19345 19 1 DMZ Firewall 14659 19 1 DMZ Firewall 13962 19 1 DMZ Firewall 13960 19 1 DMZ Firewall 13959 19 1 Report printed on Friday November 12, 2004 at 11:53 © NetReport www.net-report.net Page 15/46 Number of Events by Rules October 2004 Events by Rules Internal Blocked 500000 480000 460000 440000 Outbound Blocked 420000 400000 380000 360000 340000 320000 Inbound Blocked 300000 Events 280000 260000 240000 220000 200000 Internal Accepted 180000 160000 140000 120000 100000 80000 Outbound Accepted 60000 40000 20000 al in te rn 19 18 17 15 14 13 10 8 4 0 Inbound Accepted Rules Report printed on Friday November 12, 2004 at 11:53 © NetReport www.net-report.net Page 16/46 Number of Events by Rules Inbound Rule Accepted Outbound Blocked Accepted 101 Internal Blocked 15 17 18 19 5,836 63,975 7 104,888 281,556 118,543 34,925 1,422 2 27,104 internal Total October 2004 2 4 69,822 Report printed on Friday November 12, 2004 at 11:53 27,207 Accepted 221 4 8 10 13 14 October 2004 Total Hits Blocked Accepted 17 Blocked Total 339 12 12 339 12 546 36 6,481 106,116 6,382 36 111,369 387,672 6,382 36 111,369 506,282 67 63 27,828 34,988 65,397 7 54,944 34,988 65,401 7 54,944 11 3,160 3,171 605,874 177,057 782,931 © NetReport www.net-report.net Page 17/46 12 4 3,160 3 422,795 149,754 113,257 118,610 96 4 Top 30 Accepted Internal Users Sorted by Hits. October 2004 Source Area Internal User Hits Hits % LAN DataSet LAN DataSet LAN DataSet DMZ LAN DataSet LAN DataSet LAN DataSet LAN DataSet LAN DataSet LAN DataSet LAN DataSet LAN DataSet LAN DataSet LAN DataSet LAN DataSet LAN DataSet LAN DataSet LAN DataSet LAN DataSet LAN DataSet LAN DataSet LAN DataSet LAN DataSet LAN DataSet LAN DataSet LAN DataSet LAN DataSet LAN DataSet LAN DataSet LAN DataSet 192.168.0.201/D7 192.168.0.202/PROXY 192.168.0.68 203.162.14.80/www.netreport.fr 192.168.0.61/KIWI 192.168.0.83/ABDEL 192.168.0.204 192.168.0.52/BOUZIGUES 192.168.0.62/PATATE 192.168.0.54/NR-FFBURTIN 192.168.0.51/TOMATE 192.168.0.53/CHIVAS 192.168.0.69 192.168.0.66/COMPTA 192.168.0.65/SKIPPER 192.168.0.74 192.168.0.67/CARAMBOLE 192.168.0.56/FRAISE 192.168.0.37/ZZA-G5DMV9I4B86 192.168.0.63/VMTOMATE 192.168.0.58/LYCHEE 192.168.0.59/IS~D72 192.168.0.77/VMTOMATE 192.168.0.84/VMWAREWINXPPRO 192.168.0.55/VMGGO 192.168.0.70/FEZ 192.168.0.241/B 192.168.0.57/VMVERO 192.168.0.71/VMGGO 192.168.0.73/VMABDEL 227,602 62,898 62,827 34,988 33,042 22,914 21,887 20,726 13,719 10,495 8,897 4,474 2,445 1,284 1,259 1,197 1,156 947 472 363 235 196 145 139 138 67 58 19 16 14 42.57% 11.77% 11.75% 6.54% 6.18% 4.29% 4.09% 3.88% 2.57% 1.96% 1.66% 0.84% 0.46% 0.24% 0.24% 0.22% 0.22% 0.18% 0.09% 0.07% 0.04% 0.04% 0.03% 0.03% 0.03% 0.01% 0.01% 0.00% 0.00% 0.00% 6,537 1,029,382 19,004 0.36% 57.46% 1.06% 155 49,187 279 0.28% 89.03% 0.50% 264,813 17,423 14.78% 0.97% 2,163 366 3.91% 0.66% 303 51,439 97,121 14,558 9,212 11,215 124,645 6 262 5,159 14,103 2 80,723 6,133 0.02% 2.87% 5.42% 0.81% 0.51% 0.63% 6.96% 0.00% 0.01% 0.29% 0.79% 0.00% 4.51% 0.34% 7 519 1,125 135 35 191 468 143 44 0.01% 0.94% 2.04% 0.24% 0.06% 0.35% 0.85% 0.00% 0.04% 0.32% 0.15% 0.00% 0.26% 0.08% 19,567 1.09% 34 0.06% 680 18,400 203 30 0.04% 1.03% 0.01% 0.00% 82 15 6 5 0.15% 0.03% 0.01% 0.01% 420 0.02% 6 0.01% Total for the above User list: 534,619 100.00% 1,791,342 100.00% 55,245 100.00% Total for all User for the same period: 534,626 Report printed on Friday November 12, 2004 at 11:53 K-Bytes K-Bytes % Elapsed Time (min) Elaps. Time % 1,791,342 21 178 83 55,245 © NetReport www.net-report.net Page 18/46 Top 30 Accepted Visitors Sorted by Hits. October 2004 Source Area Visitor External External External External External External External External External External External External External External External External External External External External External External External External External External External External External External 213.41.140.159/monchel.net1.nerim.NET 213.146.130.30/213-146-130-30-in-addr.intechnology.co.uk 217.7.71.189 207.46.98.83 195.6.68.20 66.249.65.236 194.98.147.189 213.53.164.236 212.81.78.219 82.120.124.134/AVelizy-152-1-34-134.w82-120.abo.wanadoo.fr 82.120.1.106/AVelizy-152-1-3-106.w82-120.abo.wanadoo.fr 212.210.11.4 62.101.126.215/62-101-126-215.fastres.NET 63.238.163.79 82.124.130.198/APuteaux-153-1-38-198.w82-124.abo.wanadoo.fr 62.134.32.25 82.120.125.77/AVelizy-152-1-35-77.w82-120.abo.wanadoo.fr 62.160.159.241 217.14.40.1 212.11.18.190/pompiers-nat.clients.easynet.fr 82.124.48.159/APuteaux-153-1-2-159.w82-124.abo.wanadoo.fr 212.214.255.93 212.129.58.114 82.168.63.4/82-168-63-4-bbxl.xdsl.tiscali.nl 81.208.45.7 81.251.84.227/AMontpellier-251-1-36-227.w81-251.abo.wanadoo.fr 80.21.84.11/host11-84.pool8021.interbusiness.it 62.23.218.34/host.34.218.23.62.rev.coltfrance.COM 66.147.154.3/wfp2.almaden.ibm.com 195.195.18.1 Total for the above User list: Total for all User for the same period: Report printed on Friday November 12, 2004 at 11:53 Hits Hits % 26,281 8,861 2,718 1,469 1,010 646 574 541 493 491 484 478 470 438 383 374 352 338 306 286 282 264 263 262 258 251 246 244 210 194 53.13% 17.91% 5.49% 2.97% 2.04% 1.31% 1.16% 1.09% 1.00% 0.99% 0.98% 0.97% 0.95% 0.89% 0.77% 0.76% 0.71% 0.68% 0.62% 0.58% 0.57% 0.53% 0.53% 0.53% 0.52% 0.51% 0.50% 0.49% 0.42% 0.39% 12,844 60,606 10,234 31,516 26,318 5,261 13,908 7,928 33,180 2,654 4,330 3,280 9,548 165 3,068 859 2,005 8,286 4,480 2,404 1,369 2,463 16,203 5,129 7,422 1,090 2,188 9,139 1,104 1,471 4.42% 20.87% 3.52% 10.85% 9.06% 1.81% 4.79% 2.73% 11.42% 0.91% 1.49% 1.13% 3.29% 0.06% 1.06% 0.30% 0.69% 2.85% 1.54% 0.83% 0.47% 0.85% 5.58% 1.77% 2.56% 0.38% 0.75% 3.15% 0.38% 0.51% 321 23,366 45 69 71 116 118 54 167 30 29 16 106 3 44 7 17 22 14 7 83 94 414 93 155 19 36 60 4 194 1.25% 90.65% 0.17% 0.27% 0.28% 0.45% 0.46% 0.21% 0.65% 0.12% 0.11% 0.06% 0.41% 0.01% 0.17% 0.03% 0.07% 0.09% 0.06% 0.03% 0.32% 0.36% 1.60% 0.36% 0.60% 0.08% 0.14% 0.23% 0.02% 0.75% 49,467 100.00% 290,454 100.00% 25,775 100.00% 534,626 K-Bytes K-Bytes % Elapsed Time (min) Elaps. Time % 1,791,342 55,245 © NetReport www.net-report.net Page 19/46 Top 10 Accepted Internal Users with their Top 10 Accepted Services October 2004 Source Area Internal User LAN DataSet 192.168.0.201/D7 LAN DataSet Service Comment Destination Area Rule Total Hits 227,602 53 Domain Name Server External 14 149,765 110 Post Office Protocol - Version 3 External 14 35,478 80 World Wide Web HTTP External 13 23,687 68 Bootstrap Protocol Client External 14 3,481 67 Bootstrap Protocol Server External 14 3,358 25 Simple Mail Transfer External 14 1,555 1055 ANSYS - License Manager LAN DataSet 14 574 1054 BRVREAD LAN DataSet 14 505 1283 ProductInfo LAN DataSet 14 336 1284 IEE-QFX LAN DataSet 14 336 192.168.0.202/PROXY 62,898 80 World Wide Web HTTP External 13 61,476 443 http protocol over TLS/SSL External 14 820 80 World Wide Web HTTP DMZ 13 506 900 OMG Initial Refs External 14 8 2001 curry External 14 3 21 File Transfer [Control] External 14 2 3506 APC 3506 LAN DataSet 14 2 External 14 2 59480 8080 HTTP Alternate (see port 80) External 14 2 1736 street-stream LAN DataSet 14 1 Report printed on Friday November 12, 2004 at 11:53 © NetReport www.net-report.net Page 20/46 Top 10 Accepted Internal Users with their Top 10 Accepted Services October 2004 Source Area Internal User LAN DataSet 192.168.0.68 Service Comment LAN DataSet Rule Total Hits 62,827 4662 edonkey External 14 19,996 4672 remote file access server External 14 14,699 4665 edonkey External 14 7,087 External 14 3,555 4246 DMZ Destination Area 53 Domain Name Server External 14 2,525 80 World Wide Web HTTP External 13 1,969 4661 Kar2ouche Peer location service External 14 739 3310 Dyna Access External 14 602 4650 External 14 587 4646 External 14 347 203.162.14.80/www.netreport.fr 34,988 53 Domain Name Server External 15 34,748 25 Simple Mail Transfer External 15 147 53 Domain Name Server DMZ 15 61 80 World Wide Web HTTP External 15 30 18184 OPSEC LEA (Checkpoint) Firewall 15 2 192.168.0.61/KIWI 33,042 445 Microsoft-DS DMZ 14 15,150 80 World Wide Web HTTP External 13 3,871 143 Internet Message Access Protocol LAN DataSet 8 483 External 14 355 External 14 242 15280 External 14 195 23825 External 14 180 50355 External 14 161 64014 External 14 158 28936 External 14 149 34300 110 Report printed on Friday November 12, 2004 at 11:53 Post Office Protocol - Version 3 © NetReport www.net-report.net Page 21/46 Top 10 Accepted Internal Users with their Top 10 Accepted Services October 2004 Source Area Internal User LAN DataSet 192.168.0.83/ABDEL LAN DataSet Service Comment Destination Area Rule Total Hits 22,914 445 Microsoft-DS DMZ 14 19,858 80 World Wide Web HTTP External 13 1,512 110 Post Office Protocol - Version 3 External 14 1,310 1863 MSN Messenger External 14 95 21 File Transfer [Control] DMZ 14 35 7001 callbacks to cache managers External 14 23 80 World Wide Web HTTP DMZ 13 22 5101 Talarian_UDP External 14 10 1900 SSDP Firewall 14 8 9 Discard External 14 8 192.168.0.204 21,887 389 Lightweight Directory Access Protocol LAN DataSet 14 20,518 53 Domain Name Server External 14 1,336 1487 LocalInfoSrvr LAN DataSet 14 1 1486 nms_topo_serv LAN DataSet 14 1 1477 ms-sna-server LAN DataSet 14 1 1377 Cichlid License Manager LAN DataSet 14 1 1376 IBM Person to Person Software LAN DataSet 14 1 1335 Digital Notary Protocol LAN DataSet 14 1 1334 writesrv LAN DataSet 14 1 1302 CI3-Software-2 LAN DataSet 14 1 Report printed on Friday November 12, 2004 at 11:53 © NetReport www.net-report.net Page 22/46 Top 10 Accepted Internal Users with their Top 10 Accepted Services October 2004 Source Area Internal User LAN DataSet 192.168.0.52/BOUZIGUES LAN DataSet Service Comment Destination Area Rule Total Hits 20,726 445 Microsoft-DS DMZ 14 1,460 2409 SNS Protocol External 14 887 1863 MSN Messenger External 14 435 80 World Wide Web HTTP External 13 413 123 Network Time Protocol External 14 283 444 Simple Network Paging Protocol External 14 72 443 http protocol over TLS/SSL External 14 46 7001 callbacks to cache managers External 14 22 1900 SSDP Firewall 14 10 21 File Transfer [Control] External 14 9 192.168.0.62/PATATE 13,719 2234 DirectPlay External 14 5,832 80 World Wide Web HTTP External 13 3,567 9888 CYBORG Systems External 14 517 2235 Sercomm-WLink External 14 171 445 Microsoft-DS DMZ 14 41 2236 Nani External 14 19 67 Bootstrap Protocol Server External 14 18 1234 Infoseek Search Agent External 14 14 443 http protocol over TLS/SSL External 14 13 External 14 11 15249 Report printed on Friday November 12, 2004 at 11:53 © NetReport www.net-report.net Page 23/46 Top 10 Accepted Internal Users with their Top 10 Accepted Services October 2004 Source Area Internal User Service LAN DataSet 192.168.0.54/NR-FFBURTIN Comment Destination Area Rule Total Hits 10,495 80 World Wide Web HTTP DMZ 13 5,768 80 World Wide Web HTTP External 13 3,575 110 Post Office Protocol - Version 3 External 14 457 25 Simple Mail Transfer External 14 110 443 http protocol over TLS/SSL External 14 76 21 File Transfer [Control] External 14 22 12343 NetReport XML Configuration Server DMZ 14 16 67 Bootstrap Protocol Server External 14 15 LAN DataSet 14 2 LAN DataSet 14 2 1042 1064 Report printed on Friday November 12, 2004 at 11:53 JSTEL © NetReport www.net-report.net Page 24/46 Top 10 Accepted Visitors with their Top 10 Accepted Services October 2004 Source Area Visitor External 213.41.140.159/monchel.net1.nerim.NET External External Service Comment External 17 16,557 21 File Transfer [Control] DMZ 17 6,549 143 Internet Message Access Protocol LAN DataSet 8 2,217 80 World Wide Web HTTP External 17 683 21 File Transfer [Control] External 17 275 213.146.130.30/213-146-130-30-in-addr.intechnology.co.uk 8,861 80 World Wide Web HTTP DMZ 17 5,518 143 Internet Message Access Protocol LAN DataSet 8 2,573 21 File Transfer [Control] DMZ 17 770 217.7.71.189 2,718 World Wide Web HTTP DMZ 17 2,718 207.46.98.83 1,469 80 World Wide Web HTTP DMZ 17 1,466 80 World Wide Web HTTP External 17 3 195.6.68.20 1,010 World Wide Web HTTP DMZ 17 1,010 66.249.65.236 646 World Wide Web HTTP DMZ 17 646 194.98.147.189 574 80 External 26,281 DMZ 80 External Total Hits World Wide Web HTTP 80 External Rule 80 80 External Destination Area World Wide Web HTTP DMZ 17 574 213.53.164.236 541 80 Report printed on Friday November 12, 2004 at 11:53 World Wide Web HTTP DMZ 17 541 © NetReport www.net-report.net Page 25/46 Top 10 Accepted Visitors with their Top 10 Accepted Services October 2004 Source Area Visitor External 212.81.78.219 External Service Comment Destination Area Rule Total Hits 493 80 World Wide Web HTTP DMZ 17 422 21 File Transfer [Control] DMZ 17 37 143 Internet Message Access Protocol LAN DataSet 8 34 82.120.124.134/AVelizy-152-1-34-134.w82-120.abo.wanadoo.fr 491 80 World Wide Web HTTP DMZ 17 462 143 Internet Message Access Protocol LAN DataSet 8 19 21 File Transfer [Control] DMZ 17 10 Report printed on Friday November 12, 2004 at 11:53 © NetReport www.net-report.net Page 26/46 Top 10 Blocked Internal Users with their Top 10 Blocked Services October 2004 Source Area Internal User LAN DataSet 192.168.0.201/D7 LAN DataSet Service Comment DMZ Rule Total Hits 121,699 53 Domain Name Server External 14 53 Domain Name Server External internal 25 Simple Mail Transfer External 1720 h323hostcall LAN DataSet 118,540 3,154 4 14 1 192.168.17.1/BOUZIGUES 123 LAN DataSet Destination Area 285 Network Time Protocol External 19 285 192.168.1.1/BOUZIGUES 284 123 Network Time Protocol External 19 283 514 Syslog LAN DataSet 19 1 203.162.14.80/www.netreport.fr 53 163 External internal 6 11024 External 19 5 12442 External 19 5 15616 External 19 5 21508 External 19 5 26022 External 19 5 30131 External 19 5 11134 External 19 4 19220 External 19 4 19321 External 19 4 Report printed on Friday November 12, 2004 at 11:53 Domain Name Server © NetReport www.net-report.net Page 27/46 Top 10 Blocked Internal Users with their Top 10 Blocked Services October 2004 Source Area Internal User LAN DataSet 192.168.0.52/BOUZIGUES LAN DataSet LAN DataSet Service Comment Total Hits 64 Firewall 14 1 6009 Firewall 14 1 6008 Firewall 14 1 6007 Firewall 14 1 6006 Firewall 14 1 6005 Firewall 14 1 6004 Firewall 14 1 6003 Firewall 14 1 6002 Firewall 14 1 6001 Firewall 14 1 192.168.0.68 46 4662 edonkey External 34 4661 Kar2ouche Peer location service External 5 80 World Wide Web HTTP External 3 21 File Transfer [Control] External 2 4313 External 1 23123 External 1 192.168.0.202/PROXY 40 World Wide Web HTTP External 40 192.168.0.51/TOMATE 21 LAN DataSet Rule 6010 80 LAN DataSet Destination Area 14 File Transfer [Control] DMZ 14 192.168.0.54/NR-FFBURTIN 14 80 World Wide Web HTTP External 11 110 Post Office Protocol - Version 3 External 2 21 File Transfer [Control] External 1 Report printed on Friday November 12, 2004 at 11:53 © NetReport www.net-report.net Page 28/46 Top 10 Blocked Internal Users with their Top 10 Blocked Services October 2004 Source Area Internal User LAN DataSet 192.168.0.61/KIWI Service Comment Destination Area Rule Total Hits 8 80 World Wide Web HTTP External 1720 h323hostcall LAN DataSet 81 HOSTS2 Name Server External Report printed on Friday November 12, 2004 at 11:53 5 14 2 1 © NetReport www.net-report.net Page 29/46 Top 10 Blocked Visitors with their Top 10 Blocked Services October 2004 Source Area Visitor Service Comment External 81.251.213.44/AMontpellier-251-1-41-44.w81-251.abo.wanadoo.fr 1434 External Microsoft-SQL-Monitor 1,733 External 19 1,733 Microsoft-DS 965 External 19 2 External 19 1 1007 External 19 1 1006 External 19 1 1005 External 19 1 1004 External 19 1 1003 External 19 1 1002 External 19 1 External 19 1 External 19 1 1000 cadlock2 81.56.188.158/lns-p19-27f-81-56-188-158.adsl.proxad.NET 2234 DirectPlay 574 External 19 574 83.113.111.140/AMontpellier-251-1-26-140.w83-113.abo.wanadoo.fr 1434 External Total Hits 1008 1001 External Rule 213.56.43.166/lo024927-gw.rain.fr 445 External Destination Area Microsoft-SQL-Monitor 151 External 19 151 64.233.161.104 125 23078 External 19 4 22557 External 19 3 22676 External 19 3 23057 External 19 3 22531 External 19 2 22507 External 19 2 22504 External 19 2 22502 External 19 2 22560 External 19 2 22559 External 19 2 Report printed on Friday November 12, 2004 at 11:53 © NetReport www.net-report.net Page 30/46 Top 10 Blocked Visitors with their Top 10 Blocked Services October 2004 Source Area Visitor External 64.233.161.99 External Service Comment External 19 3 22679 External 19 3 22699 External 19 3 22760 External 19 3 22816 External 19 3 22949 External 19 3 23034 External 19 3 22486 External 19 2 22475 External 19 2 22470 External 19 2 82.127.168.133/ALille-151-1-10-133.w82-127.abo.wanadoo.fr Microsoft-DS 99 External 19 99 82.127.228.118/ALille-151-2-5-118.w82-127.abo.wanadoo.fr Microsoft-DS 97 External 19 97 82.127.228.114/ALille-151-2-5-114.w82-127.abo.wanadoo.fr 445 External Total Hits 22537 445 External Rule 123 445 External Destination Area Microsoft-DS 83 External 19 83 172.187.112.95/ACBB705F.ipt.aol.com 2234 Report printed on Friday November 12, 2004 at 11:53 DirectPlay 82 External 19 82 © NetReport www.net-report.net Page 31/46 Top 30 Incoming Accepted Services Sorted by K-Bytes. October 2004 Service Service Comment 21 80 53 143 44343 File Transfer [Control] World Wide Web HTTP Domain Name Server Internet Message Access Protocol K-Bytes K-Bytes % Hits Hits % Elapsed Time (min) Elaps. Time % 1,220,495 1,216,243 50.09% 49.91% 0.00% 7,449 55,102 2 5,836 7 10.89% 80.56% 0.00% 8.53% 0.01% 24,764 15,842 60.99% 39.01% Total for the above Incoming Accepted Services list: 2,436,738 100.00% 68,396 100.00% 40,606 100.00% Total for all Incoming Accepted Services for the same period: 2,436,738 Report printed on Friday November 12, 2004 at 11:53 68,396 40,606 © NetReport www.net-report.net Page 32/46 Top 30 Outgoing Accepted Services Sorted by K-Bytes. October 2004 Service Service Comment 80 53 110 4662 4672 4665 2234 67 4246 68 25 1863 443 2409 4661 3310 4650 9888 34300 4646 2491 123 8084 9959 12769 6569 7658 4577 5682 5672 World Wide Web HTTP Domain Name Server Post Office Protocol - Version 3 edonkey remote file access server edonkey DirectPlay Bootstrap Protocol Server K-Bytes K-Bytes % Hits Hits % Elapsed Time (min) Elaps. Time % 1,687,453 100.00% 104,929 188,783 38,070 20,309 14,699 7,109 5,832 3,604 3,565 3,481 1,852 1,464 1,288 887 750 606 588 517 355 348 305 302 300 295 292 292 291 288 285 274 26.10% 46.97% 9.47% 5.05% 3.66% 1.77% 1.45% 0.90% 0.89% 0.87% 0.46% 0.36% 0.32% 0.22% 0.19% 0.15% 0.15% 0.13% 0.09% 0.09% 0.08% 0.08% 0.07% 0.07% 0.07% 0.07% 0.07% 0.07% 0.07% 0.07% 52,713 100.00% Total for the above Accepted Outgoing Services list: 1,687,453 100.00% 401,960 100.00% 52,713 100.00% Total for all Accepted Outgoing Services for the same period: 1,687,453 Bootstrap Protocol Client Simple Mail Transfer MSN Messenger http protocol over TLS/SSL SNS Protocol Kar2ouche Peer location service Dyna Access CYBORG Systems Conclave CPP Network Time Protocol Report printed on Friday November 12, 2004 at 11:53 421,369 52,713 © NetReport www.net-report.net Page 33/46 Top 10 Accepted Services with their Top 10 Accepted Internal Users October 2004 Service Comment 53 80 Internal User Domain Name Server Source Area Destination Area Rule Total Hits LAN DataSet 154,239 192.168.0.201/D7 External 14 149,765 192.168.0.68 External 14 2,525 192.168.0.204 External 14 1,336 192.168.0.51/TOMATE External 14 324 192.168.0.68 LAN DataSet 14 202 192.168.0.67/CARAMBOLE External 14 53 192.168.0.241/B External 14 18 192.168.0.74 External 14 13 192.168.0.52/BOUZIGUES Firewall 14 2 192.168.0.53/CHIVAS External 14 1 World Wide Web HTTP LAN DataSet 111,380 192.168.0.202/PROXY External 13 61,476 192.168.0.201/D7 External 13 23,687 192.168.0.54/NR-FFBURTIN DMZ 13 5,768 192.168.0.61/KIWI External 13 3,871 192.168.0.54/NR-FFBURTIN External 13 3,575 192.168.0.62/PATATE External 13 3,567 192.168.0.68 External 13 1,969 192.168.0.83/ABDEL External 13 1,512 192.168.0.51/TOMATE External 13 1,420 192.168.0.66/COMPTA External 13 1,017 Report printed on Friday November 12, 2004 at 11:53 © NetReport www.net-report.net Page 34/46 Top 10 Accepted Services with their Top 10 Accepted Internal Users October 2004 Service Comment 445 110 53 389 Internal User Microsoft-DS Source Area Destination Area Rule Total Hits LAN DataSet 38,621 192.168.0.83/ABDEL DMZ 14 19,858 192.168.0.61/KIWI DMZ 14 15,150 192.168.0.52/BOUZIGUES DMZ 14 1,460 192.168.0.74 DMZ 14 942 192.168.0.51/TOMATE DMZ 14 717 192.168.0.53/CHIVAS DMZ 14 412 192.168.0.62/PATATE DMZ 14 41 192.168.0.65/SKIPPER DMZ 14 27 192.168.0.55/VMGGO DMZ 14 9 192.168.0.69 LAN DataSet 14 3 Post Office Protocol - Version 3 LAN DataSet 38,072 192.168.0.201/D7 External 14 35,478 192.168.0.83/ABDEL External 14 1,310 192.168.0.54/NR-FFBURTIN External 14 457 192.168.0.69 External 14 291 192.168.0.68 External 14 246 192.168.0.61/KIWI External 14 242 192.168.0.74 External 14 30 192.168.0.241/B External 14 14 192.168.0.52/BOUZIGUES Firewall 14 2 192.168.0.53/CHIVAS External 14 2 Domain Name Server DMZ 34,809 203.162.14.80/www.netreport.fr External 15 34,748 203.162.14.80/www.netreport.fr DMZ 15 61 Lightweight Directory Access Protocol LAN DataSet 20,520 192.168.0.204 LAN DataSet 14 20,518 192.168.0.52/BOUZIGUES Firewall 14 2 Report printed on Friday November 12, 2004 at 11:53 © NetReport www.net-report.net Page 35/46 Top 10 Accepted Services with their Top 10 Accepted Internal Users October 2004 Service Comment 4662 4672 2234 4665 Internal User edonkey Source Area Destination Area Rule Total Hits LAN DataSet 20,316 192.168.0.68 External 14 19,996 192.168.0.37/ZZA-G5DMV9I4B86 External 14 313 192.168.0.53/CHIVAS LAN DataSet 14 3 192.168.0.52/BOUZIGUES Firewall 14 2 192.168.0.62/PATATE LAN DataSet 14 1 192.168.0.61/KIWI LAN DataSet 14 1 remote file access server LAN DataSet 14,704 192.168.0.68 External 14 14,699 192.168.0.52/BOUZIGUES Firewall 14 2 192.168.0.61/KIWI LAN DataSet 14 1 192.168.0.54/NR-FFBURTIN LAN DataSet 14 1 192.168.0.201/D7 LAN DataSet 14 1 DirectPlay LAN DataSet 11,742 192.168.0.51/TOMATE Firewall 14 5,896 192.168.0.62/PATATE External 14 5,832 192.168.0.62/PATATE Firewall 14 8 192.168.0.52/BOUZIGUES Firewall 14 2 192.168.0.53/CHIVAS LAN DataSet 14 2 192.168.0.62/PATATE LAN DataSet 14 1 192.168.0.52/BOUZIGUES LAN DataSet 14 1 edonkey LAN DataSet 7,129 192.168.0.68 External 14 7,087 192.168.0.37/ZZA-G5DMV9I4B86 External 14 22 192.168.0.201/D7 LAN DataSet 14 14 192.168.0.52/BOUZIGUES Firewall 14 2 192.168.0.61/KIWI LAN DataSet 14 2 192.168.0.54/NR-FFBURTIN LAN DataSet 14 1 192.168.0.53/CHIVAS LAN DataSet 14 1 Report printed on Friday November 12, 2004 at 11:53 © NetReport www.net-report.net Page 36/46 Top 10 Accepted Services with their Top 10 Accepted Visitors October 2004 Service Comment 80 21 Visitor World Wide Web HTTP Source Area Destination Area Rule Total Hits External 56,245 213.41.140.159/monchel.net1.nerim.NET DMZ 17 16,557 213.146.130.30/213-146-130-30-in-addr.intechnology.co.uk DMZ 17 5,518 217.7.71.189 DMZ 17 2,718 207.46.98.83 DMZ 17 1,466 195.6.68.20 DMZ 17 1,010 213.41.140.159/monchel.net1.nerim.NET External 17 683 66.249.65.236 DMZ 17 646 194.98.147.189 DMZ 17 574 213.53.164.236 DMZ 17 541 212.210.11.4 DMZ 17 478 File Transfer [Control] External 7,726 213.41.140.159/monchel.net1.nerim.NET DMZ 17 6,549 213.146.130.30/213-146-130-30-in-addr.intechnology.co.uk DMZ 17 770 213.41.140.159/monchel.net1.nerim.NET External 17 275 212.81.78.219 DMZ 17 37 62.197.79.66/ns.gobinjf.be DMZ 17 20 82.120.124.134/AVelizy-152-1-34-134.w82-120.abo.wanadoo DMZ .fr 82.120.131.93/AVelizy-152-1-14-93.w82-120.abo.wanadoo.fr DMZ 17 10 17 8 82.120.247.13/AVelizy-152-1-45-13.w82-120.abo.wanadoo.fr DMZ 17 8 217.117.32.9/vt1.nrb.be DMZ 17 5 62.72.119.190/nokia-prod.nextiraone.be DMZ 17 5 Report printed on Friday November 12, 2004 at 11:53 © NetReport www.net-report.net Page 37/46 Top 10 Accepted Services with their Top 10 Accepted Visitors October 2004 Service Comment 143 Internet Message Access Protocol 44343 53 500 Visitor Source Area Rule Total Hits External 5,836 213.146.130.30/213-146-130-30-in-addr.intechnology.co.uk LAN DataSet 8 2,573 213.41.140.159/monchel.net1.nerim.NET LAN DataSet 8 2,217 83.113.231.93/AMontpellier-251-1-9-93.w83-113.abo.wanado LAN DataSet o.fr 81.251.213.44/AMontpellier-251-1-41-44.w81-251.abo.wanad LAN DataSet oo.fr 82.124.130.198/APuteaux-153-1-38-198.w82-124.abo.wanad LAN DataSet 8 182 8 165 8 157 oo.fr 82.124.2.181/APuteaux-153-1-32-181.w82-124.abo.wanadoo. LAN DataSet fr 82.124.187.173/APuteaux-153-1-25-173.w82-124.abo.wanad LAN DataSet oo.fr 82.124.130.119/APuteaux-153-1-38-119.w82-124.abo.wanad LAN DataSet 8 73 8 54 8 49 oo.fr 82.124.51.130/APuteaux-153-1-5-130.w82-124.abo.wanadoo. LAN DataSet fr 82.124.128.43/APuteaux-153-1-36-43.w82-124.abo.wanadoo. LAN DataSet fr External 8 43 8 37 80.132.75.196/p50844BC4.dip0.t-ipconnect.de 18 Domain Name Server LAN DataSet 7 7 External 4 168.75.176.72 External 17 2 213.56.43.166/lo024927-gw.rain.fr DMZ 17 2 isakmp External 213.56.43.166/lo024927-gw.rain.fr 264 Destination Area BGMP 3 External internal 3 External 213.56.43.166/lo024927-gw.rain.fr Report printed on Friday November 12, 2004 at 11:53 1 External internal 1 © NetReport www.net-report.net Page 38/46 Top 10 Blocked Services with their Top 10 Blocked Internal Users October 2004 Service Comment 53 123 80 4662 Internal User Domain Name Server Source Area 1434 2234 Rule 121,696 192.168.0.201/D7 External 14 192.168.0.201/D7 External internal 192.168.0.67/CARAMBOLE External 14 Network Time Protocol Total Hits LAN DataSet 118,540 3,154 2 LAN DataSet 568 192.168.17.1/BOUZIGUES External 19 285 192.168.1.1/BOUZIGUES External 19 283 World Wide Web HTTP LAN DataSet 62 192.168.0.202/PROXY External 40 192.168.0.54/NR-FFBURTIN External 11 192.168.0.61/KIWI External 5 192.168.0.68 External 3 192.168.0.66/COMPTA External 3 edonkey LAN DataSet 192.168.0.68 21 Destination Area File Transfer [Control] 34 External 34 LAN DataSet 20 192.168.0.51/TOMATE DMZ 14 192.168.0.83/ABDEL DMZ 3 192.168.0.68 External 2 192.168.0.54/NR-FFBURTIN External 1 Microsoft-SQL-Monitor LAN DataSet 9 192.168.111.1 External 19 8 192.168.44.1 External 19 1 DirectPlay LAN DataSet 192.168.0.62/PATATE Report printed on Friday November 12, 2004 at 11:53 6 External 6 © NetReport www.net-report.net Page 39/46 Top 10 Blocked Services with their Top 10 Blocked Internal Users October 2004 Service Comment 53 Internal User Domain Name Server Source Area Rule Total Hits DMZ 203.162.14.80/www.netreport.fr 11024 Destination Area 6 External internal 6 DMZ 203.162.14.80/www.netreport.fr 12442 5 External 19 5 DMZ 203.162.14.80/www.netreport.fr Report printed on Friday November 12, 2004 at 11:53 5 External 19 5 © NetReport www.net-report.net Page 40/46 Top 10 Blocked Services with their Top 10 Blocked Visitors October 2004 Service Comment 445 2234 Visitor Microsoft-DS Source Area Destination Area Rule Total Hits External 16,421 82.127.168.133/ALille-151-1-10-133.w82-127.abo.wanadoo.fr External 19 99 82.127.228.118/ALille-151-2-5-118.w82-127.abo.wanadoo.fr External 19 97 82.127.228.114/ALille-151-2-5-114.w82-127.abo.wanadoo.fr External 19 83 82.127.165.109/ALille-151-1-7-109.w82-127.abo.wanadoo.fr External 19 77 82.127.230.224/ALille-151-2-7-224.w82-127.abo.wanadoo.fr External 19 75 82.127.164.239/ALille-151-1-6-239.w82-127.abo.wanadoo.fr External 19 69 82.127.231.111/ALille-151-2-8-111.w82-127.abo.wanadoo.fr External 19 67 82.127.233.71/ALille-151-1-24-71.w82-127.abo.wanadoo.fr External 19 62 82.127.165.79/ALille-151-1-7-79.w82-127.abo.wanadoo.fr External 19 60 82.127.175.167/ALille-151-1-17-167.w82-127.abo.wanadoo.fr External 19 57 DirectPlay External 5,463 81.56.188.158/lns-p19-27f-81-56-188-158.adsl.proxad.NET External 19 574 172.187.112.95/ACBB705F.ipt.aol.com External 19 82 66.32.154.154/user-11216kq.dsl.mindspring.com External 19 58 213.41.136.114/wanderland.org External 19 46 68.164.15.25/h-68-164-15-25.chcgilgm.dynamic.covad.NET External 19 28 200.64.114.124/dup-200-64-114-124.prodigy.net.mx External 19 10 201.255.9.1 External 19 9 217.146.127.248/meridian2.adsl.wizards.co.uk External 19 9 193.226.242.2/adsl1538.freestart.hu External 19 7 200.64.114.143/dup-200-64-114-143.prodigy.net.mx External 19 6 Report printed on Friday November 12, 2004 at 11:53 © NetReport www.net-report.net Page 41/46 Top 10 Blocked Services with their Top 10 Blocked Visitors October 2004 Service Comment 1434 1026 Visitor Microsoft-SQL-Monitor Source Area Destination Area Rule Total Hits External 1,974 81.251.213.44/AMontpellier-251-1-41-44.w81-251.abo.wanad External oo.fr 83.113.111.140/AMontpellier-251-1-26-140.w83-113.abo.wan External adoo.fr 81.16.238.5/81-16-239-5.lenet.lt External 19 1,733 19 151 19 4 202.108.249.21 External 19 3 61.210.143.226/ntshga022226.shga.nt.ftth.ppp.infoweb.ne.jp External 19 3 61.233.159.248 External 19 3 193.6.242.149 External 19 2 211.137.99.250 External 19 2 220.218.135.69/usen-220x218x135x69.ap-US00.usen.ad.jp External 19 2 61.150.85.167 External 19 2 Calender Access Protocol External 174 206.225.84.43/206-225-84-43.dedicated.abac.NET External 19 18 208.51.89.11 External 19 10 208.51.89.16 External 19 10 208.51.89.76 External 19 10 208.51.89.86 External 19 9 208.51.89.96 External 19 8 208.51.89.21 External 19 7 208.51.89.81 External 19 7 61.129.115.91 External 19 7 208.51.89.36 External 19 5 Report printed on Friday November 12, 2004 at 11:53 © NetReport www.net-report.net Page 42/46 Top 10 Blocked Services with their Top 10 Blocked Visitors October 2004 Service Comment 5554 113 Visitor SGI ESP HTTP Source Area Destination Area Rule Total Hits External 160 82.127.136.241/ALille-251-1-30-241.w82-127.abo.wanadoo.fr External 19 7 82.127.173.152/ALille-151-1-15-152.w82-127.abo.wanadoo.fr External 19 7 81.250.27.77/ALille-209-1-15-77.w81-250.abo.wanadoo.fr External 19 6 82.127.147.119/ALille-251-1-5-119.w82-127.abo.wanadoo.fr External 19 5 82.127.164.101/ALille-151-1-6-101.w82-127.abo.wanadoo.fr External 19 5 82.127.219.193/ALille-251-2-5-193.w82-127.abo.wanadoo.fr External 19 4 82.127.142.200/ALille-251-1-36-200.w82-127.abo.wanadoo.fr External 19 3 82.127.162.228/ALille-151-1-4-228.w82-127.abo.wanadoo.fr External 19 3 82.127.194.209/ALille-251-1-40-209.w82-127.abo.wanadoo.fr External 19 3 82.127.196.206/ALille-251-1-42-206.w82-127.abo.wanadoo.fr External 19 3 Authentication Service External 94 194.242.114.10/delta.easy-hebergement.NET External 19 17 67.72.102.2/unknown.flatiron.NET External 19 6 195.220.66.26 External 19 4 82.127.168.248/ALille-151-1-10-248.w82-127.abo.wanadoo.fr External 19 3 200.68.8.53/mail1.cesmec.cl External 19 2 200.17.33.1/benfica.cefet-ce.br External 19 2 195.113.20.5/smtp2.ms.mff.cuni.cz External 19 2 211.125.64.73/www2.axel.co.jp External 19 2 213.131.235.104/104.235.131.213.rev.inetbone.NET External 19 2 82.127.163.31/ALille-151-1-5-31.w82-127.abo.wanadoo.fr External 19 2 Report printed on Friday November 12, 2004 at 11:53 © NetReport www.net-report.net Page 43/46 Top 10 Blocked Services with their Top 10 Blocked Visitors October 2004 Service Comment 1027 80 Visitor ExoSee Source Area Destination Area Rule Total Hits External 87 61.129.115.91 External 19 7 69.50.177.27 External 19 2 195.128.51.176 External 19 1 195.126.172.238 External 19 1 195.126.125.232 External 19 1 195.125.197.198 External 19 1 195.114.154.95 External 19 1 195.113.22.54/X.troja.mff.cuni.cz External 19 1 195.113.105.126/cl105126.osu.cz External 19 1 195.112.71.122 External 19 1 World Wide Web HTTP External 81 217.230.97.236/pD9E661EC.dip.t-dialin.NET External 50 212.129.58.114 External 12 216.204.105.226/ipn36372-b75106.cidr.lightship.NET External 3 195.67.10.238/ External 3 195.53.119.2 External 2 195.243.148.254 External 2 213.146.130.30/213-146-130-30-in-addr.intechnology.co.uk External 2 69.19.34.66/dpc691934066.direcpc.COM External 2 62.101.126.215/62-101-126-215.fastres.NET External 1 213.42.2.25 External 1 Report printed on Friday November 12, 2004 at 11:53 © NetReport www.net-report.net Page 44/46 Top 10 Blocked Services with their Top 10 Blocked Visitors October 2004 Service Comment 9898 2745 Visitor MonkeyCom Source Area Destination Area Rule Total Hits External 60 218.91.47.23 External 19 1 218.87.135.242 External 19 1 218.254.130.146/cm218-254-130-146.hkcable.com.hk External 19 1 218.25.128.152 External 19 1 218.229.232.3/hcou118003.catv.ppp.infoweb.ne.jp External 19 1 218.191.186.161 External 19 1 218.18.42.242 External 19 1 218.178.136.139/YahooBB218178136139.bbtec.NET External 19 1 218.154.254.238 External 19 1 218.103.251.96/n218103251096.netvigator.com External 19 1 URBISNET External 82.127.219.79/ALille-251-2-5-79.w82-127.abo.wanadoo.fr 49 External 19 5 82.127.132.168/ALille-251-1-26-168.w82-127.abo.wanadoo.fr External 19 2 82.127.128.22/ALille-251-1-22-22.w82-127.abo.wanadoo.fr External 19 2 82.127.121.174/LNeuilly-152_22-2-174.w82-127.abo.wanado External o.fr 82.127.135.69/ALille-251-1-29-69.w82-127.abo.wanadoo.fr External 19 2 19 2 82.127.194.25/ALille-251-1-40-25.w82-127.abo.wanadoo.fr External 19 2 82.127.234.105/ALille-151-1-23-105.w82-127.abo.wanadoo.fr External 19 2 82.127.154.18/ALille-251-1-12-18.w82-127.abo.wanadoo.fr External 19 1 82.127.143.180/ALille-251-1-37-180.w82-127.abo.wanadoo.fr External 19 1 82.127.133.85/ALille-251-1-27-85.w82-127.abo.wanadoo.fr 19 1 Report printed on Friday November 12, 2004 at 11:53 External © NetReport www.net-report.net Page 45/46 Top 10 Users & Visitors Using the Greatest Variety of Services October 2004 Internal Users Accepted Blocked Distinct Services Number of Hits Total Distinct Services Number of Hits Distinct Services Number of Hits 192.168.0.52/BOUZIGUES 7,936 20,726 64 64 8,000 20,790 192.168.0.61/KIWI 4,919 33,042 3 8 4,920 33,050 192.168.0.62/PATATE 2,524 13,719 2 7 2,525 13,726 192.168.0.53/CHIVAS 2,286 4,474 2,286 4,474 192.168.0.201/D7 1,657 227,602 1,658 349,301 192.168.0.65/SKIPPER 1,033 1,259 1,033 1,259 192.168.0.69 542 2,445 542 2,445 192.168.0.54/NR-FFBURTIN 446 10,495 3 14 446 10,509 192.168.0.68 418 62,827 6 46 418 62,873 192.168.0.51/TOMATE 285 8,897 1 14 285 8,911 External Visitors Accepted 5 121,699 Blocked Distinct Services Number of Hits 213.56.43.166/lo024927-gw.rain.fr 3 11 Total Distinct Services Number of Hits Distinct Services Number of Hits 964 965 969 976 64.233.161.99 74 123 74 123 64.233.161.104 70 125 70 125 64.4.12.201/echo-v2.msgr.hotmail.com 51 51 51 51 213.156.52.112/213-156-52-112.fastres.NET 1 26 30 30 31 56 81.208.74.176/81-208-74-176.fastres.NET 1 4 30 30 31 34 83.113.239.216/AMontpellier-251-1-17-216.w83-113.abo.wanadoo.fr 18 18 18 18 209.171.52.99/www.codeproject.COM 17 17 17 17 81.69.254.248/bml-1e0f8.adsl.wanadoo.nl 14 14 14 14 81.77.232.41/user-2089.l4.c1.dsl.pol.co.uk 14 14 14 14 Report printed on Friday November 12, 2004 at 11:53 © NetReport www.net-report.net Page 46/46