Explore

Report : Firewall_Monthly_YYMM
download Report

Transcription

Report : Firewall_Monthly_YYMM 
Monthly General Firewall Statistics
10,217
33
17
12,298
119
26
6
Internal Users
External Destinations
Internal Servers
3 Blocked:
Events
1,296
96
4 Accepted:
113,257
Next
Network Forensics - Monthly Filtering by Day
Traffic - Traffic Activity Trends Based on The Number of IP Addresses
External Visitors
October, 2004
Previous
100000
90000
80000
70000
60000
50000
40000
30000
20000
10000
0
Blocked
Accepted
1
2
3
4
5
6
7
8
9 10 11 12 13 14 15
Day of the Month
2 Blocked:
27,207
1 Accepted:
69,822
3
Services - Number of Different Services
4
5
Accepted
Inbound
1
2
6
5 Blocked:
6 Accepted:
149,754
Outbound
3,632
107
Internal
7,939
78
5
1,808
Services - Top 5 Accepted Services by Hits
Network Forensics - Most Active Internal User and External Visitor
Source
Action
Total
Hits
LAN DataSet
192.168.0.201 D7
Accepted
227,602
LAN DataSet
192.168.0.201 D7
Blocked
121,699
External
213.41.140.159 monchel.net1.nerim.NET
Accepted
External
81.251.213.44
Blocked
AMontpellier-251-1-41-44.w81-251.abo.wanadoo.
System
Web
Report printed on Friday November 12, 2004 at 11:53
5
Error (External ->External)
422,795
Blocked
26,281
1,733
Other
Mail
4
195,920
56,245
8
5,836
File Sharing
Total:
69,822
38,902
234,824
107,361
6,505
168,968
43,354
39,912
83,273
39,942
593
46,371
27,816
36
27,852
422,795
113,257
604,448
© NetReport www.net-report.net
MB
3,008
4,228
Page 1/46
Graph of Events by Day of the Month
October 2004
Traffic - Accepted Traffic
Accepted
Internal Accepted
90000
80000
70000
Hits
60000
Outbound Accepted
50000
40000
30000
20000
10000
Inbound Accepted
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
Day of the Month
Traffic - Blocked Traffic
Blocked
Internal Blocked
20000
18000
16000
Hits
14000
12000
Outbound Blocked
10000
8000
6000
4000
2000
Inbound Blocked
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
Day of the Month
Report printed on Friday November 12, 2004 at 11:53
© NetReport www.net-report.net
Page 2/46
October 2004
Graph of Events by Day of the Month
Inbound
Date
Friday, October 1
Saturday, October 2
Sunday, October 3
Monday, October 4
Tuesday, October 5
Wednesday, October 6
Thursday, October 7
Friday, October 8
Saturday, October 9
Sunday, October 10
Monday, October 11
Tuesday, October 12
Wednesday, October 13
Thursday, October 14
Friday, October 15
Total for October 2004
Outbound
Internal
Total
Accepted
Blocked
Accepted
Blocked
Accepted
Blocked
Accepted
Blocked
Total
5,674
2,713
2,837
6,788
5,370
3,935
174
8,043
5,775
3,809
8,790
4,228
5,719
2,471
3,496
69,822
3,066
3,019
4,333
3,604
1,248
1,356
156
1,998
2,349
2,822
702
929
1,363
207
55
27,207
49,073
27,838
22,384
41,246
35,473
33,635
2,379
45,149
25,420
9,078
44,622
56,980
13,706
5,199
10,613
422,795
13,727
13,769
15,418
13,376
10,320
9,518
981
12,406
12,821
13,182
10,140
7,445
7,539
4,067
5,045
149,754
15,563
2,056
2,577
16,430
10,014
6,914
341
7,718
3,628
3,462
5,567
23,657
9,081
1,495
4,754
113,257
15
70,310
32,607
27,798
64,464
50,857
44,484
2,894
60,910
34,823
16,349
58,979
84,865
28,506
9,165
18,863
605,874
16,808
16,788
19,751
16,980
11,568
10,874
1,137
14,405
15,170
16,005
10,856
8,438
8,902
4,274
5,101
177,057
87,118
49,395
47,549
81,444
62,425
55,358
4,031
75,315
49,993
32,354
69,835
93,303
37,408
13,439
23,964
782,931
Report printed on Friday November 12, 2004 at 11:53
1
1
14
64
1
96
© NetReport www.net-report.net
Page 3/46
Blocked and Accepted Traffic Figures Analyzed by Number of Hits
October 2004
Type
Action
Inbound
Outbound
Internal
Total Hits
Total MB
accept
69,822
422,795
113,257
604,448
4,228
69,822
422,795
113,257
604,448
4,228
27,202
149,745
12
149,757
5
9
84
93
Total Blocked:
27,207
149,754
96
149,850
Total for October 2004
97,029
572,549
113,353
754,298
Accepted
Total Accepted:
Blocked
drop
reject
Report printed on Friday November 12, 2004 at 11:53
© NetReport www.net-report.net
4,228
Page 4/46
Top 100 Accepted Services by Source and Destination
October 2004
Source Area
Destination Area
Service
Service comment
Rule
Total Hits
October 2004
522,786
DMZ
34,988
DMZ
DMZ
61
DMZ
DMZ
DMZ
External
DMZ
External
53
Domain Name Server
15
34,748
DMZ
External
25
Simple Mail Transfer
15
147
DMZ
External
80
World Wide Web HTTP
15
30
DMZ
Firewall
DMZ
Firewall
53
Domain Name Server
15
61
34,925
2
18184
Report printed on Friday November 12, 2004 at 11:53
OPSEC LEA (Checkpoint)
15
2
© NetReport www.net-report.net
Page 5/46
Top 100 Accepted Services by Source and Destination
October 2004
Source Area
Destination Area
Service
Service comment
Rule
Total Hits
October 2004
522,786
External
69,822
External
DMZ
62,553
External
DMZ
80
World Wide Web HTTP
17
55,102
External
DMZ
21
File Transfer [Control]
17
7,449
External
DMZ
53
Domain Name Server
17
2
External
External
External
External
80
World Wide Web HTTP
17
1,143
External
External
21
File Transfer [Control]
17
277
External
External
500
isakmp
internal
3
External
External
53
Domain Name Server
17
2
External
External
264
BGMP
internal
1
External
LAN DataSet
External
LAN DataSet
143
External
LAN DataSet
44343
1,426
5,843
Report printed on Friday November 12, 2004 at 11:53
Internet Message Access Protocol
8
5,836
18
7
© NetReport www.net-report.net
Page 6/46
Top 100 Accepted Services by Source and Destination
October 2004
Source Area
Destination Area
Service
Service comment
Rule
Total Hits
October 2004
522,786
LAN DataSet
417,976
LAN DataSet
DMZ
45,379
LAN DataSet
DMZ
445
Microsoft-DS
14
38,616
LAN DataSet
DMZ
80
World Wide Web HTTP
13
6,471
LAN DataSet
DMZ
21
File Transfer [Control]
14
66
LAN DataSet
DMZ
7424
DataSet Remote Control
14
47
LAN DataSet
DMZ
7427
OpenView DM Event Agent Manager
14
43
LAN DataSet
DMZ
1434
Microsoft-SQL-Monitor
14
39
LAN DataSet
DMZ
1433
Microsoft-SQL-Server
14
34
LAN DataSet
DMZ
12343
NetReport XML Configuration Server
14
34
LAN DataSet
DMZ
7425
DataSet Remote Control
14
29
LAN DataSet
External
LAN DataSet
External
53
Domain Name Server
14
154,035
LAN DataSet
External
80
World Wide Web HTTP
13
104,888
LAN DataSet
External
110
Post Office Protocol - Version 3
14
38,070
LAN DataSet
External
4662
edonkey
14
20,309
LAN DataSet
External
4672
remote file access server
14
14,699
LAN DataSet
External
4665
edonkey
14
7,109
LAN DataSet
External
2234
DirectPlay
14
5,832
LAN DataSet
External
67
Bootstrap Protocol Server
14
3,604
LAN DataSet
External
4246
14
3,565
LAN DataSet
External
68
Bootstrap Protocol Client
14
3,481
LAN DataSet
External
25
Simple Mail Transfer
14
1,705
LAN DataSet
External
1863
MSN Messenger
14
1,464
LAN DataSet
External
443
http protocol over TLS/SSL
14
1,288
372,597
Report printed on Friday November 12, 2004 at 11:53
© NetReport www.net-report.net
Page 7/46
Top 100 Accepted Services by Source and Destination
October 2004
Source Area
Destination Area
Service
Service comment
Rule
Total Hits
October 2004
522,786
LAN DataSet
417,976
LAN DataSet
External
372,597
LAN DataSet
External
2409
SNS Protocol
14
887
LAN DataSet
External
4661
Kar2ouche Peer location service
14
750
LAN DataSet
External
3310
Dyna Access
14
606
LAN DataSet
External
4650
14
588
LAN DataSet
External
9888
14
517
LAN DataSet
External
34300
14
355
LAN DataSet
External
4646
14
348
LAN DataSet
External
2491
Conclave CPP
14
305
LAN DataSet
External
123
Network Time Protocol
14
302
LAN DataSet
External
8084
14
300
LAN DataSet
External
9959
14
295
LAN DataSet
External
12769
14
292
LAN DataSet
External
6569
14
292
LAN DataSet
External
7658
14
291
LAN DataSet
External
4577
14
288
LAN DataSet
External
5682
14
285
LAN DataSet
External
5672
14
274
LAN DataSet
External
2327
xingcsm
14
260
LAN DataSet
External
6346
gnutella-svc
14
257
LAN DataSet
External
15280
14
195
LAN DataSet
External
7001
14
193
LAN DataSet
External
5662
14
182
LAN DataSet
External
23825
14
180
LAN DataSet
External
2235
14
171
Report printed on Friday November 12, 2004 at 11:53
CYBORG Systems
callbacks to cache managers
Sercomm-WLink
© NetReport www.net-report.net
Page 8/46
Top 100 Accepted Services by Source and Destination
October 2004
Source Area
Destination Area
Service
Service comment
Rule
Total Hits
October 2004
522,786
LAN DataSet
417,976
LAN DataSet
External
372,597
LAN DataSet
External
50355
14
161
LAN DataSet
External
64014
14
158
LAN DataSet
External
28936
14
149
LAN DataSet
External
24856
14
148
LAN DataSet
External
43307
14
146
LAN DataSet
External
8080
HTTP Alternate (see port 80)
14
142
LAN DataSet
External
4663
edonkey
14
141
LAN DataSet
External
4666
14
128
LAN DataSet
External
5773
14
128
LAN DataSet
External
27472
14
127
LAN DataSet
External
4242
14
126
LAN DataSet
External
5783
14
121
LAN DataSet
External
4673
14
111
LAN DataSet
External
4682
14
111
LAN DataSet
External
39028
14
107
LAN DataSet
External
1434
14
106
LAN DataSet
External
779
14
106
LAN DataSet
External
4664
14
104
LAN DataSet
External
17646
14
103
LAN DataSet
External
7329
14
102
LAN DataSet
External
64000
14
101
LAN DataSet
External
38390
14
99
LAN DataSet
External
8892
14
99
LAN DataSet
External
9709
14
99
Report printed on Friday November 12, 2004 at 11:53
Microsoft-SQL-Monitor
Desktop Data UDP 4: FARM product
© NetReport www.net-report.net
Page 9/46
Top 100 Accepted Services by Source and Destination
October 2004
Source Area
Destination Area
Service
Service comment
Rule
Total Hits
October 2004
522,786
LAN DataSet
417,976
LAN DataSet
External
372,597
LAN DataSet
External
49053
14
97
LAN DataSet
External
15098
14
95
LAN DataSet
External
789
14
93
LAN DataSet
External
25984
14
91
LAN DataSet
External
17864
14
90
LAN DataSet
External
100
14
89
LAN DataSet
External
4224
14
84
LAN DataSet
External
60000
14
80
LAN DataSet
External
56936
14
76
LAN DataSet
External
52459
14
75
LAN DataSet
External
6672
vision_server
14
74
LAN DataSet
External
444
Simple Network Paging Protocol
14
72
LAN DataSet
External
19832
14
70
LAN DataSet
External
10732
14
64
LAN DataSet
External
4000
14
62
Report printed on Friday November 12, 2004 at 11:53
VRML Multi User Systems
ICQ
© NetReport www.net-report.net
Page 10/46
Top 100 Blocked Services by Source and Destination
October 2004
Source Area
October 2004
Destination Area
Service
Service comment
Rule
Total Hits
159
DMZ
159
DMZ
External
152
DMZ
External
53
DMZ
External
DMZ
internal
6
11024
19
5
External
12442
19
5
DMZ
External
30131
19
5
DMZ
External
15616
19
5
DMZ
External
26022
19
5
DMZ
External
21508
19
5
DMZ
External
19321
19
4
DMZ
External
19220
19
4
DMZ
External
28048
19
4
DMZ
External
11134
19
4
DMZ
External
4515
19
4
DMZ
External
3451
19
3
DMZ
External
13581
19
3
DMZ
External
1838
19
3
DMZ
External
52394
19
2
DMZ
External
10855
19
2
DMZ
External
33933
19
2
DMZ
External
33932
19
2
DMZ
External
33734
19
2
DMZ
External
39276
19
2
DMZ
External
37462
19
2
DMZ
External
51202
19
2
DMZ
External
63421
19
2
Report printed on Friday November 12, 2004 at 11:53
Domain Name Server
ASAM Services
TALNET
© NetReport www.net-report.net
Page 11/46
Top 100 Blocked Services by Source and Destination
October 2004
Source Area
October 2004
Destination Area
Service
Service comment
Rule
Total Hits
159
DMZ
159
DMZ
External
152
DMZ
External
63401
19
1
DMZ
External
63366
19
1
DMZ
External
63118
19
1
DMZ
External
60891
19
1
DMZ
External
57790
19
1
DMZ
External
57789
19
1
DMZ
External
57787
19
1
DMZ
External
56709
19
1
DMZ
External
54602
19
1
DMZ
External
53992
19
1
DMZ
External
53985
19
1
DMZ
External
51174
19
1
DMZ
External
50721
19
1
DMZ
External
50336
19
1
DMZ
External
50275
19
1
DMZ
External
49136
19
1
DMZ
External
49021
19
1
DMZ
External
48757
19
1
DMZ
External
48362
19
1
DMZ
External
48358
19
1
DMZ
External
45893
19
1
DMZ
External
45892
19
1
DMZ
External
41341
19
1
DMZ
External
4054
19
1
Report printed on Friday November 12, 2004 at 11:53
© NetReport www.net-report.net
Page 12/46
Top 100 Blocked Services by Source and Destination
October 2004
Source Area
October 2004
Destination Area
Service
Service comment
Rule
Total Hits
159
DMZ
159
DMZ
External
152
DMZ
External
40505
19
1
DMZ
External
34253
19
1
DMZ
External
33963
19
1
DMZ
External
33939
19
1
DMZ
External
33935
19
1
DMZ
External
35955
19
1
DMZ
External
35940
19
1
DMZ
External
34643
19
1
DMZ
External
34610
19
1
DMZ
External
34609
19
1
DMZ
External
34608
19
1
DMZ
External
34581
19
1
DMZ
External
29862
19
1
DMZ
External
2848
19
1
DMZ
External
14424
19
1
DMZ
External
1434
19
1
DMZ
External
20519
19
1
DMZ
External
2049
19
1
DMZ
External
19673
19
1
DMZ
External
19597
19
1
DMZ
External
18729
19
1
DMZ
External
18702
19
1
DMZ
External
18669
19
1
DMZ
External
18073
19
1
Report printed on Friday November 12, 2004 at 11:53
AMT-BLC-PORT
Microsoft-SQL-Monitor
Network File System - Sun Microsystems
© NetReport www.net-report.net
Page 13/46
Top 100 Blocked Services by Source and Destination
October 2004
Source Area
October 2004
Destination Area
Service
Service comment
Rule
Total Hits
159
DMZ
159
DMZ
External
152
DMZ
External
16779
19
1
DMZ
External
16769
19
1
DMZ
External
12533
19
1
DMZ
External
12476
19
1
DMZ
External
11934
19
1
DMZ
External
10863
19
1
DMZ
External
10857
19
1
DMZ
External
10856
19
1
DMZ
External
10832
19
1
DMZ
External
10444
19
1
DMZ
External
10437
19
1
DMZ
External
52113
19
1
DMZ
External
9248
19
1
DMZ
External
8874
19
1
DMZ
External
8354
19
1
DMZ
External
7226
19
1
DMZ
External
7073
19
1
DMZ
External
6905
19
1
DMZ
External
6897
19
1
DMZ
External
6421
19
1
DMZ
External
63436
19
1
DMZ
Firewall
DMZ
Firewall
7
34955
Report printed on Friday November 12, 2004 at 11:53
19
1
© NetReport www.net-report.net
Page 14/46
Top 100 Blocked Services by Source and Destination
October 2004
Source Area
October 2004
Destination Area
Service
Service comment
Rule
Total Hits
159
DMZ
159
DMZ
Firewall
7
DMZ
Firewall
19346
19
1
DMZ
Firewall
19345
19
1
DMZ
Firewall
14659
19
1
DMZ
Firewall
13962
19
1
DMZ
Firewall
13960
19
1
DMZ
Firewall
13959
19
1
Report printed on Friday November 12, 2004 at 11:53
© NetReport www.net-report.net
Page 15/46
Number of Events by Rules
October 2004
Events by Rules
Internal Blocked
500000
480000
460000
440000
Outbound Blocked
420000
400000
380000
360000
340000
320000
Inbound Blocked
300000
Events
280000
260000
240000
220000
200000
Internal Accepted
180000
160000
140000
120000
100000
80000
Outbound Accepted
60000
40000
20000
al
in
te
rn
19
18
17
15
14
13
10
8
4
0
Inbound Accepted
Rules
Report printed on Friday November 12, 2004 at 11:53
© NetReport www.net-report.net
Page 16/46
Number of Events by Rules
Inbound
Rule
Accepted
Outbound
Blocked
Accepted
101
Internal
Blocked
15
17
18
19
5,836
63,975
7
104,888
281,556
118,543
34,925
1,422
2
27,104
internal
Total October 2004
2
4
69,822
Report printed on Friday November 12, 2004 at 11:53
27,207
Accepted
221
4
8
10
13
14
October 2004
Total Hits
Blocked
Accepted
17
Blocked
Total
339
12
12
339
12
546
36
6,481
106,116
6,382
36
111,369
387,672
6,382
36
111,369
506,282
67
63
27,828
34,988
65,397
7
54,944
34,988
65,401
7
54,944
11
3,160
3,171
605,874
177,057
782,931
© NetReport www.net-report.net
Page 17/46
12
4
3,160
3
422,795
149,754
113,257
118,610
96
4
Top 30 Accepted Internal Users Sorted by Hits.
October 2004
Source Area
Internal User
Hits
Hits %
LAN DataSet
LAN DataSet
LAN DataSet
DMZ
LAN DataSet
LAN DataSet
LAN DataSet
LAN DataSet
LAN DataSet
LAN DataSet
LAN DataSet
LAN DataSet
LAN DataSet
LAN DataSet
LAN DataSet
LAN DataSet
LAN DataSet
LAN DataSet
LAN DataSet
LAN DataSet
LAN DataSet
LAN DataSet
LAN DataSet
LAN DataSet
LAN DataSet
LAN DataSet
LAN DataSet
LAN DataSet
LAN DataSet
LAN DataSet
192.168.0.201/D7
192.168.0.202/PROXY
192.168.0.68
203.162.14.80/www.netreport.fr
192.168.0.61/KIWI
192.168.0.83/ABDEL
192.168.0.204
192.168.0.52/BOUZIGUES
192.168.0.62/PATATE
192.168.0.54/NR-FFBURTIN
192.168.0.51/TOMATE
192.168.0.53/CHIVAS
192.168.0.69
192.168.0.66/COMPTA
192.168.0.65/SKIPPER
192.168.0.74
192.168.0.67/CARAMBOLE
192.168.0.56/FRAISE
192.168.0.37/ZZA-G5DMV9I4B86
192.168.0.63/VMTOMATE
192.168.0.58/LYCHEE
192.168.0.59/IS~D72
192.168.0.77/VMTOMATE
192.168.0.84/VMWAREWINXPPRO
192.168.0.55/VMGGO
192.168.0.70/FEZ
192.168.0.241/B
192.168.0.57/VMVERO
192.168.0.71/VMGGO
192.168.0.73/VMABDEL
227,602
62,898
62,827
34,988
33,042
22,914
21,887
20,726
13,719
10,495
8,897
4,474
2,445
1,284
1,259
1,197
1,156
947
472
363
235
196
145
139
138
67
58
19
16
14
42.57%
11.77%
11.75%
6.54%
6.18%
4.29%
4.09%
3.88%
2.57%
1.96%
1.66%
0.84%
0.46%
0.24%
0.24%
0.22%
0.22%
0.18%
0.09%
0.07%
0.04%
0.04%
0.03%
0.03%
0.03%
0.01%
0.01%
0.00%
0.00%
0.00%
6,537
1,029,382
19,004
0.36%
57.46%
1.06%
155
49,187
279
0.28%
89.03%
0.50%
264,813
17,423
14.78%
0.97%
2,163
366
3.91%
0.66%
303
51,439
97,121
14,558
9,212
11,215
124,645
6
262
5,159
14,103
2
80,723
6,133
0.02%
2.87%
5.42%
0.81%
0.51%
0.63%
6.96%
0.00%
0.01%
0.29%
0.79%
0.00%
4.51%
0.34%
7
519
1,125
135
35
191
468
143
44
0.01%
0.94%
2.04%
0.24%
0.06%
0.35%
0.85%
0.00%
0.04%
0.32%
0.15%
0.00%
0.26%
0.08%
19,567
1.09%
34
0.06%
680
18,400
203
30
0.04%
1.03%
0.01%
0.00%
82
15
6
5
0.15%
0.03%
0.01%
0.01%
420
0.02%
6
0.01%
Total for the above User list:
534,619
100.00%
1,791,342
100.00%
55,245
100.00%
Total for all User for the same period:
534,626
Report printed on Friday November 12, 2004 at 11:53
K-Bytes K-Bytes % Elapsed Time (min) Elaps. Time %
1,791,342
21
178
83
55,245
© NetReport www.net-report.net
Page 18/46
Top 30 Accepted Visitors Sorted by Hits.
October 2004
Source Area
Visitor
External
External
External
External
External
External
External
External
External
External
External
External
External
External
External
External
External
External
External
External
External
External
External
External
External
External
External
External
External
External
213.41.140.159/monchel.net1.nerim.NET
213.146.130.30/213-146-130-30-in-addr.intechnology.co.uk
217.7.71.189
207.46.98.83
195.6.68.20
66.249.65.236
194.98.147.189
213.53.164.236
212.81.78.219
82.120.124.134/AVelizy-152-1-34-134.w82-120.abo.wanadoo.fr
82.120.1.106/AVelizy-152-1-3-106.w82-120.abo.wanadoo.fr
212.210.11.4
62.101.126.215/62-101-126-215.fastres.NET
63.238.163.79
82.124.130.198/APuteaux-153-1-38-198.w82-124.abo.wanadoo.fr
62.134.32.25
82.120.125.77/AVelizy-152-1-35-77.w82-120.abo.wanadoo.fr
62.160.159.241
217.14.40.1
212.11.18.190/pompiers-nat.clients.easynet.fr
82.124.48.159/APuteaux-153-1-2-159.w82-124.abo.wanadoo.fr
212.214.255.93
212.129.58.114
82.168.63.4/82-168-63-4-bbxl.xdsl.tiscali.nl
81.208.45.7
81.251.84.227/AMontpellier-251-1-36-227.w81-251.abo.wanadoo.fr
80.21.84.11/host11-84.pool8021.interbusiness.it
62.23.218.34/host.34.218.23.62.rev.coltfrance.COM
66.147.154.3/wfp2.almaden.ibm.com
195.195.18.1
Total for the above User list:
Total for all User for the same period:
Report printed on Friday November 12, 2004 at 11:53
Hits
Hits %
26,281
8,861
2,718
1,469
1,010
646
574
541
493
491
484
478
470
438
383
374
352
338
306
286
282
264
263
262
258
251
246
244
210
194
53.13%
17.91%
5.49%
2.97%
2.04%
1.31%
1.16%
1.09%
1.00%
0.99%
0.98%
0.97%
0.95%
0.89%
0.77%
0.76%
0.71%
0.68%
0.62%
0.58%
0.57%
0.53%
0.53%
0.53%
0.52%
0.51%
0.50%
0.49%
0.42%
0.39%
12,844
60,606
10,234
31,516
26,318
5,261
13,908
7,928
33,180
2,654
4,330
3,280
9,548
165
3,068
859
2,005
8,286
4,480
2,404
1,369
2,463
16,203
5,129
7,422
1,090
2,188
9,139
1,104
1,471
4.42%
20.87%
3.52%
10.85%
9.06%
1.81%
4.79%
2.73%
11.42%
0.91%
1.49%
1.13%
3.29%
0.06%
1.06%
0.30%
0.69%
2.85%
1.54%
0.83%
0.47%
0.85%
5.58%
1.77%
2.56%
0.38%
0.75%
3.15%
0.38%
0.51%
321
23,366
45
69
71
116
118
54
167
30
29
16
106
3
44
7
17
22
14
7
83
94
414
93
155
19
36
60
4
194
1.25%
90.65%
0.17%
0.27%
0.28%
0.45%
0.46%
0.21%
0.65%
0.12%
0.11%
0.06%
0.41%
0.01%
0.17%
0.03%
0.07%
0.09%
0.06%
0.03%
0.32%
0.36%
1.60%
0.36%
0.60%
0.08%
0.14%
0.23%
0.02%
0.75%
49,467
100.00%
290,454
100.00%
25,775
100.00%
534,626
K-Bytes K-Bytes % Elapsed Time (min) Elaps. Time %
1,791,342
55,245
© NetReport www.net-report.net
Page 19/46
Top 10 Accepted Internal Users with their Top 10 Accepted Services
October 2004
Source Area
Internal User
LAN DataSet
192.168.0.201/D7
LAN DataSet
Service
Comment
Destination Area
Rule
Total Hits
227,602
53
Domain Name Server
External
14
149,765
110
Post Office Protocol - Version 3
External
14
35,478
80
World Wide Web HTTP
External
13
23,687
68
Bootstrap Protocol Client
External
14
3,481
67
Bootstrap Protocol Server
External
14
3,358
25
Simple Mail Transfer
External
14
1,555
1055
ANSYS - License Manager
LAN DataSet
14
574
1054
BRVREAD
LAN DataSet
14
505
1283
ProductInfo
LAN DataSet
14
336
1284
IEE-QFX
LAN DataSet
14
336
192.168.0.202/PROXY
62,898
80
World Wide Web HTTP
External
13
61,476
443
http protocol over TLS/SSL
External
14
820
80
World Wide Web HTTP
DMZ
13
506
900
OMG Initial Refs
External
14
8
2001
curry
External
14
3
21
File Transfer [Control]
External
14
2
3506
APC 3506
LAN DataSet
14
2
External
14
2
59480
8080
HTTP Alternate (see port 80)
External
14
2
1736
street-stream
LAN DataSet
14
1
Report printed on Friday November 12, 2004 at 11:53
© NetReport www.net-report.net
Page 20/46
Top 10 Accepted Internal Users with their Top 10 Accepted Services
October 2004
Source Area
Internal User
LAN DataSet
192.168.0.68
Service
Comment
LAN DataSet
Rule
Total Hits
62,827
4662
edonkey
External
14
19,996
4672
remote file access server
External
14
14,699
4665
edonkey
External
14
7,087
External
14
3,555
4246
DMZ
Destination Area
53
Domain Name Server
External
14
2,525
80
World Wide Web HTTP
External
13
1,969
4661
Kar2ouche Peer location service
External
14
739
3310
Dyna Access
External
14
602
4650
External
14
587
4646
External
14
347
203.162.14.80/www.netreport.fr
34,988
53
Domain Name Server
External
15
34,748
25
Simple Mail Transfer
External
15
147
53
Domain Name Server
DMZ
15
61
80
World Wide Web HTTP
External
15
30
18184
OPSEC LEA (Checkpoint)
Firewall
15
2
192.168.0.61/KIWI
33,042
445
Microsoft-DS
DMZ
14
15,150
80
World Wide Web HTTP
External
13
3,871
143
Internet Message Access Protocol
LAN DataSet
8
483
External
14
355
External
14
242
15280
External
14
195
23825
External
14
180
50355
External
14
161
64014
External
14
158
28936
External
14
149
34300
110
Report printed on Friday November 12, 2004 at 11:53
Post Office Protocol - Version 3
© NetReport www.net-report.net
Page 21/46
Top 10 Accepted Internal Users with their Top 10 Accepted Services
October 2004
Source Area
Internal User
LAN DataSet
192.168.0.83/ABDEL
LAN DataSet
Service
Comment
Destination Area
Rule
Total Hits
22,914
445
Microsoft-DS
DMZ
14
19,858
80
World Wide Web HTTP
External
13
1,512
110
Post Office Protocol - Version 3
External
14
1,310
1863
MSN Messenger
External
14
95
21
File Transfer [Control]
DMZ
14
35
7001
callbacks to cache managers
External
14
23
80
World Wide Web HTTP
DMZ
13
22
5101
Talarian_UDP
External
14
10
1900
SSDP
Firewall
14
8
9
Discard
External
14
8
192.168.0.204
21,887
389
Lightweight Directory Access Protocol
LAN DataSet
14
20,518
53
Domain Name Server
External
14
1,336
1487
LocalInfoSrvr
LAN DataSet
14
1
1486
nms_topo_serv
LAN DataSet
14
1
1477
ms-sna-server
LAN DataSet
14
1
1377
Cichlid License Manager
LAN DataSet
14
1
1376
IBM Person to Person Software
LAN DataSet
14
1
1335
Digital Notary Protocol
LAN DataSet
14
1
1334
writesrv
LAN DataSet
14
1
1302
CI3-Software-2
LAN DataSet
14
1
Report printed on Friday November 12, 2004 at 11:53
© NetReport www.net-report.net
Page 22/46
Top 10 Accepted Internal Users with their Top 10 Accepted Services
October 2004
Source Area
Internal User
LAN DataSet
192.168.0.52/BOUZIGUES
LAN DataSet
Service
Comment
Destination Area
Rule
Total Hits
20,726
445
Microsoft-DS
DMZ
14
1,460
2409
SNS Protocol
External
14
887
1863
MSN Messenger
External
14
435
80
World Wide Web HTTP
External
13
413
123
Network Time Protocol
External
14
283
444
Simple Network Paging Protocol
External
14
72
443
http protocol over TLS/SSL
External
14
46
7001
callbacks to cache managers
External
14
22
1900
SSDP
Firewall
14
10
21
File Transfer [Control]
External
14
9
192.168.0.62/PATATE
13,719
2234
DirectPlay
External
14
5,832
80
World Wide Web HTTP
External
13
3,567
9888
CYBORG Systems
External
14
517
2235
Sercomm-WLink
External
14
171
445
Microsoft-DS
DMZ
14
41
2236
Nani
External
14
19
67
Bootstrap Protocol Server
External
14
18
1234
Infoseek Search Agent
External
14
14
443
http protocol over TLS/SSL
External
14
13
External
14
11
15249
Report printed on Friday November 12, 2004 at 11:53
© NetReport www.net-report.net
Page 23/46
Top 10 Accepted Internal Users with their Top 10 Accepted Services
October 2004
Source Area
Internal User
Service
LAN DataSet
192.168.0.54/NR-FFBURTIN
Comment
Destination Area
Rule
Total Hits
10,495
80
World Wide Web HTTP
DMZ
13
5,768
80
World Wide Web HTTP
External
13
3,575
110
Post Office Protocol - Version 3
External
14
457
25
Simple Mail Transfer
External
14
110
443
http protocol over TLS/SSL
External
14
76
21
File Transfer [Control]
External
14
22
12343
NetReport XML Configuration Server
DMZ
14
16
67
Bootstrap Protocol Server
External
14
15
LAN DataSet
14
2
LAN DataSet
14
2
1042
1064
Report printed on Friday November 12, 2004 at 11:53
JSTEL
© NetReport www.net-report.net
Page 24/46
Top 10 Accepted Visitors with their Top 10 Accepted Services
October 2004
Source Area
Visitor
External
213.41.140.159/monchel.net1.nerim.NET
External
External
Service
Comment
External
17
16,557
21
File Transfer [Control]
DMZ
17
6,549
143
Internet Message Access Protocol
LAN DataSet
8
2,217
80
World Wide Web HTTP
External
17
683
21
File Transfer [Control]
External
17
275
213.146.130.30/213-146-130-30-in-addr.intechnology.co.uk
8,861
80
World Wide Web HTTP
DMZ
17
5,518
143
Internet Message Access Protocol
LAN DataSet
8
2,573
21
File Transfer [Control]
DMZ
17
770
217.7.71.189
2,718
World Wide Web HTTP
DMZ
17
2,718
207.46.98.83
1,469
80
World Wide Web HTTP
DMZ
17
1,466
80
World Wide Web HTTP
External
17
3
195.6.68.20
1,010
World Wide Web HTTP
DMZ
17
1,010
66.249.65.236
646
World Wide Web HTTP
DMZ
17
646
194.98.147.189
574
80
External
26,281
DMZ
80
External
Total Hits
World Wide Web HTTP
80
External
Rule
80
80
External
Destination Area
World Wide Web HTTP
DMZ
17
574
213.53.164.236
541
80
Report printed on Friday November 12, 2004 at 11:53
World Wide Web HTTP
DMZ
17
541
© NetReport www.net-report.net
Page 25/46
Top 10 Accepted Visitors with their Top 10 Accepted Services
October 2004
Source Area
Visitor
External
212.81.78.219
External
Service
Comment
Destination Area
Rule
Total Hits
493
80
World Wide Web HTTP
DMZ
17
422
21
File Transfer [Control]
DMZ
17
37
143
Internet Message Access Protocol
LAN DataSet
8
34
82.120.124.134/AVelizy-152-1-34-134.w82-120.abo.wanadoo.fr
491
80
World Wide Web HTTP
DMZ
17
462
143
Internet Message Access Protocol
LAN DataSet
8
19
21
File Transfer [Control]
DMZ
17
10
Report printed on Friday November 12, 2004 at 11:53
© NetReport www.net-report.net
Page 26/46
Top 10 Blocked Internal Users with their Top 10 Blocked Services
October 2004
Source Area
Internal User
LAN DataSet
192.168.0.201/D7
LAN DataSet
Service
Comment
DMZ
Rule
Total Hits
121,699
53
Domain Name Server
External
14
53
Domain Name Server
External
internal
25
Simple Mail Transfer
External
1720
h323hostcall
LAN DataSet
118,540
3,154
4
14
1
192.168.17.1/BOUZIGUES
123
LAN DataSet
Destination Area
285
Network Time Protocol
External
19
285
192.168.1.1/BOUZIGUES
284
123
Network Time Protocol
External
19
283
514
Syslog
LAN DataSet
19
1
203.162.14.80/www.netreport.fr
53
163
External
internal
6
11024
External
19
5
12442
External
19
5
15616
External
19
5
21508
External
19
5
26022
External
19
5
30131
External
19
5
11134
External
19
4
19220
External
19
4
19321
External
19
4
Report printed on Friday November 12, 2004 at 11:53
Domain Name Server
© NetReport www.net-report.net
Page 27/46
Top 10 Blocked Internal Users with their Top 10 Blocked Services
October 2004
Source Area
Internal User
LAN DataSet
192.168.0.52/BOUZIGUES
LAN DataSet
LAN DataSet
Service
Comment
Total Hits
64
Firewall
14
1
6009
Firewall
14
1
6008
Firewall
14
1
6007
Firewall
14
1
6006
Firewall
14
1
6005
Firewall
14
1
6004
Firewall
14
1
6003
Firewall
14
1
6002
Firewall
14
1
6001
Firewall
14
1
192.168.0.68
46
4662
edonkey
External
34
4661
Kar2ouche Peer location service
External
5
80
World Wide Web HTTP
External
3
21
File Transfer [Control]
External
2
4313
External
1
23123
External
1
192.168.0.202/PROXY
40
World Wide Web HTTP
External
40
192.168.0.51/TOMATE
21
LAN DataSet
Rule
6010
80
LAN DataSet
Destination Area
14
File Transfer [Control]
DMZ
14
192.168.0.54/NR-FFBURTIN
14
80
World Wide Web HTTP
External
11
110
Post Office Protocol - Version 3
External
2
21
File Transfer [Control]
External
1
Report printed on Friday November 12, 2004 at 11:53
© NetReport www.net-report.net
Page 28/46
Top 10 Blocked Internal Users with their Top 10 Blocked Services
October 2004
Source Area
Internal User
LAN DataSet
192.168.0.61/KIWI
Service
Comment
Destination Area
Rule
Total Hits
8
80
World Wide Web HTTP
External
1720
h323hostcall
LAN DataSet
81
HOSTS2 Name Server
External
Report printed on Friday November 12, 2004 at 11:53
5
14
2
1
© NetReport www.net-report.net
Page 29/46
Top 10 Blocked Visitors with their Top 10 Blocked Services
October 2004
Source Area
Visitor
Service
Comment
External
81.251.213.44/AMontpellier-251-1-41-44.w81-251.abo.wanadoo.fr
1434
External
Microsoft-SQL-Monitor
1,733
External
19
1,733
Microsoft-DS
965
External
19
2
External
19
1
1007
External
19
1
1006
External
19
1
1005
External
19
1
1004
External
19
1
1003
External
19
1
1002
External
19
1
External
19
1
External
19
1
1000
cadlock2
81.56.188.158/lns-p19-27f-81-56-188-158.adsl.proxad.NET
2234
DirectPlay
574
External
19
574
83.113.111.140/AMontpellier-251-1-26-140.w83-113.abo.wanadoo.fr
1434
External
Total Hits
1008
1001
External
Rule
213.56.43.166/lo024927-gw.rain.fr
445
External
Destination Area
Microsoft-SQL-Monitor
151
External
19
151
64.233.161.104
125
23078
External
19
4
22557
External
19
3
22676
External
19
3
23057
External
19
3
22531
External
19
2
22507
External
19
2
22504
External
19
2
22502
External
19
2
22560
External
19
2
22559
External
19
2
Report printed on Friday November 12, 2004 at 11:53
© NetReport www.net-report.net
Page 30/46
Top 10 Blocked Visitors with their Top 10 Blocked Services
October 2004
Source Area
Visitor
External
64.233.161.99
External
Service
Comment
External
19
3
22679
External
19
3
22699
External
19
3
22760
External
19
3
22816
External
19
3
22949
External
19
3
23034
External
19
3
22486
External
19
2
22475
External
19
2
22470
External
19
2
82.127.168.133/ALille-151-1-10-133.w82-127.abo.wanadoo.fr
Microsoft-DS
99
External
19
99
82.127.228.118/ALille-151-2-5-118.w82-127.abo.wanadoo.fr
Microsoft-DS
97
External
19
97
82.127.228.114/ALille-151-2-5-114.w82-127.abo.wanadoo.fr
445
External
Total Hits
22537
445
External
Rule
123
445
External
Destination Area
Microsoft-DS
83
External
19
83
172.187.112.95/ACBB705F.ipt.aol.com
2234
Report printed on Friday November 12, 2004 at 11:53
DirectPlay
82
External
19
82
© NetReport www.net-report.net
Page 31/46
Top 30 Incoming Accepted Services Sorted by K-Bytes.
October 2004
Service
Service Comment
21
80
53
143
44343
File Transfer [Control]
World Wide Web HTTP
Domain Name Server
Internet Message Access Protocol
K-Bytes K-Bytes %
Hits
Hits % Elapsed Time (min) Elaps. Time %
1,220,495
1,216,243
50.09%
49.91%
0.00%
7,449
55,102
2
5,836
7
10.89%
80.56%
0.00%
8.53%
0.01%
24,764
15,842
60.99%
39.01%
Total for the above Incoming Accepted Services list:
2,436,738
100.00%
68,396
100.00%
40,606
100.00%
Total for all Incoming Accepted Services for the same period:
2,436,738
Report printed on Friday November 12, 2004 at 11:53
68,396
40,606
© NetReport www.net-report.net
Page 32/46
Top 30 Outgoing Accepted Services Sorted by K-Bytes.
October 2004
Service
Service Comment
80
53
110
4662
4672
4665
2234
67
4246
68
25
1863
443
2409
4661
3310
4650
9888
34300
4646
2491
123
8084
9959
12769
6569
7658
4577
5682
5672
World Wide Web HTTP
Domain Name Server
Post Office Protocol - Version 3
edonkey
remote file access server
edonkey
DirectPlay
Bootstrap Protocol Server
K-Bytes K-Bytes %
Hits
Hits % Elapsed Time (min) Elaps. Time %
1,687,453
100.00%
104,929
188,783
38,070
20,309
14,699
7,109
5,832
3,604
3,565
3,481
1,852
1,464
1,288
887
750
606
588
517
355
348
305
302
300
295
292
292
291
288
285
274
26.10%
46.97%
9.47%
5.05%
3.66%
1.77%
1.45%
0.90%
0.89%
0.87%
0.46%
0.36%
0.32%
0.22%
0.19%
0.15%
0.15%
0.13%
0.09%
0.09%
0.08%
0.08%
0.07%
0.07%
0.07%
0.07%
0.07%
0.07%
0.07%
0.07%
52,713
100.00%
Total for the above Accepted Outgoing Services list:
1,687,453
100.00%
401,960
100.00%
52,713
100.00%
Total for all Accepted Outgoing Services for the same period:
1,687,453
Bootstrap Protocol Client
Simple Mail Transfer
MSN Messenger
http protocol over TLS/SSL
SNS Protocol
Kar2ouche Peer location service
Dyna Access
CYBORG Systems
Conclave CPP
Network Time Protocol
Report printed on Friday November 12, 2004 at 11:53
421,369
52,713
© NetReport www.net-report.net
Page 33/46
Top 10 Accepted Services with their Top 10 Accepted Internal Users
October 2004
Service Comment
53
80
Internal User
Domain Name Server
Source Area
Destination Area
Rule
Total Hits
LAN DataSet
154,239
192.168.0.201/D7
External
14
149,765
192.168.0.68
External
14
2,525
192.168.0.204
External
14
1,336
192.168.0.51/TOMATE
External
14
324
192.168.0.68
LAN DataSet
14
202
192.168.0.67/CARAMBOLE
External
14
53
192.168.0.241/B
External
14
18
192.168.0.74
External
14
13
192.168.0.52/BOUZIGUES
Firewall
14
2
192.168.0.53/CHIVAS
External
14
1
World Wide Web HTTP
LAN DataSet
111,380
192.168.0.202/PROXY
External
13
61,476
192.168.0.201/D7
External
13
23,687
192.168.0.54/NR-FFBURTIN
DMZ
13
5,768
192.168.0.61/KIWI
External
13
3,871
192.168.0.54/NR-FFBURTIN
External
13
3,575
192.168.0.62/PATATE
External
13
3,567
192.168.0.68
External
13
1,969
192.168.0.83/ABDEL
External
13
1,512
192.168.0.51/TOMATE
External
13
1,420
192.168.0.66/COMPTA
External
13
1,017
Report printed on Friday November 12, 2004 at 11:53
© NetReport www.net-report.net
Page 34/46
Top 10 Accepted Services with their Top 10 Accepted Internal Users
October 2004
Service Comment
445
110
53
389
Internal User
Microsoft-DS
Source Area
Destination Area
Rule
Total Hits
LAN DataSet
38,621
192.168.0.83/ABDEL
DMZ
14
19,858
192.168.0.61/KIWI
DMZ
14
15,150
192.168.0.52/BOUZIGUES
DMZ
14
1,460
192.168.0.74
DMZ
14
942
192.168.0.51/TOMATE
DMZ
14
717
192.168.0.53/CHIVAS
DMZ
14
412
192.168.0.62/PATATE
DMZ
14
41
192.168.0.65/SKIPPER
DMZ
14
27
192.168.0.55/VMGGO
DMZ
14
9
192.168.0.69
LAN DataSet
14
3
Post Office Protocol - Version 3
LAN DataSet
38,072
192.168.0.201/D7
External
14
35,478
192.168.0.83/ABDEL
External
14
1,310
192.168.0.54/NR-FFBURTIN
External
14
457
192.168.0.69
External
14
291
192.168.0.68
External
14
246
192.168.0.61/KIWI
External
14
242
192.168.0.74
External
14
30
192.168.0.241/B
External
14
14
192.168.0.52/BOUZIGUES
Firewall
14
2
192.168.0.53/CHIVAS
External
14
2
Domain Name Server
DMZ
34,809
203.162.14.80/www.netreport.fr
External
15
34,748
203.162.14.80/www.netreport.fr
DMZ
15
61
Lightweight Directory Access Protocol
LAN DataSet
20,520
192.168.0.204
LAN DataSet
14
20,518
192.168.0.52/BOUZIGUES
Firewall
14
2
Report printed on Friday November 12, 2004 at 11:53
© NetReport www.net-report.net
Page 35/46
Top 10 Accepted Services with their Top 10 Accepted Internal Users
October 2004
Service Comment
4662
4672
2234
4665
Internal User
edonkey
Source Area
Destination Area
Rule
Total Hits
LAN DataSet
20,316
192.168.0.68
External
14
19,996
192.168.0.37/ZZA-G5DMV9I4B86
External
14
313
192.168.0.53/CHIVAS
LAN DataSet
14
3
192.168.0.52/BOUZIGUES
Firewall
14
2
192.168.0.62/PATATE
LAN DataSet
14
1
192.168.0.61/KIWI
LAN DataSet
14
1
remote file access server
LAN DataSet
14,704
192.168.0.68
External
14
14,699
192.168.0.52/BOUZIGUES
Firewall
14
2
192.168.0.61/KIWI
LAN DataSet
14
1
192.168.0.54/NR-FFBURTIN
LAN DataSet
14
1
192.168.0.201/D7
LAN DataSet
14
1
DirectPlay
LAN DataSet
11,742
192.168.0.51/TOMATE
Firewall
14
5,896
192.168.0.62/PATATE
External
14
5,832
192.168.0.62/PATATE
Firewall
14
8
192.168.0.52/BOUZIGUES
Firewall
14
2
192.168.0.53/CHIVAS
LAN DataSet
14
2
192.168.0.62/PATATE
LAN DataSet
14
1
192.168.0.52/BOUZIGUES
LAN DataSet
14
1
edonkey
LAN DataSet
7,129
192.168.0.68
External
14
7,087
192.168.0.37/ZZA-G5DMV9I4B86
External
14
22
192.168.0.201/D7
LAN DataSet
14
14
192.168.0.52/BOUZIGUES
Firewall
14
2
192.168.0.61/KIWI
LAN DataSet
14
2
192.168.0.54/NR-FFBURTIN
LAN DataSet
14
1
192.168.0.53/CHIVAS
LAN DataSet
14
1
Report printed on Friday November 12, 2004 at 11:53
© NetReport www.net-report.net
Page 36/46
Top 10 Accepted Services with their Top 10 Accepted Visitors
October 2004
Service Comment
80
21
Visitor
World Wide Web HTTP
Source Area
Destination Area
Rule
Total Hits
External
56,245
213.41.140.159/monchel.net1.nerim.NET
DMZ
17
16,557
213.146.130.30/213-146-130-30-in-addr.intechnology.co.uk
DMZ
17
5,518
217.7.71.189
DMZ
17
2,718
207.46.98.83
DMZ
17
1,466
195.6.68.20
DMZ
17
1,010
213.41.140.159/monchel.net1.nerim.NET
External
17
683
66.249.65.236
DMZ
17
646
194.98.147.189
DMZ
17
574
213.53.164.236
DMZ
17
541
212.210.11.4
DMZ
17
478
File Transfer [Control]
External
7,726
213.41.140.159/monchel.net1.nerim.NET
DMZ
17
6,549
213.146.130.30/213-146-130-30-in-addr.intechnology.co.uk
DMZ
17
770
213.41.140.159/monchel.net1.nerim.NET
External
17
275
212.81.78.219
DMZ
17
37
62.197.79.66/ns.gobinjf.be
DMZ
17
20
82.120.124.134/AVelizy-152-1-34-134.w82-120.abo.wanadoo DMZ
.fr
82.120.131.93/AVelizy-152-1-14-93.w82-120.abo.wanadoo.fr DMZ
17
10
17
8
82.120.247.13/AVelizy-152-1-45-13.w82-120.abo.wanadoo.fr DMZ
17
8
217.117.32.9/vt1.nrb.be
DMZ
17
5
62.72.119.190/nokia-prod.nextiraone.be
DMZ
17
5
Report printed on Friday November 12, 2004 at 11:53
© NetReport www.net-report.net
Page 37/46
Top 10 Accepted Services with their Top 10 Accepted Visitors
October 2004
Service Comment
143
Internet Message Access Protocol
44343
53
500
Visitor
Source Area
Rule
Total Hits
External
5,836
213.146.130.30/213-146-130-30-in-addr.intechnology.co.uk
LAN DataSet
8
2,573
213.41.140.159/monchel.net1.nerim.NET
LAN DataSet
8
2,217
83.113.231.93/AMontpellier-251-1-9-93.w83-113.abo.wanado LAN DataSet
o.fr
81.251.213.44/AMontpellier-251-1-41-44.w81-251.abo.wanad LAN DataSet
oo.fr
82.124.130.198/APuteaux-153-1-38-198.w82-124.abo.wanad
LAN DataSet
8
182
8
165
8
157
oo.fr
82.124.2.181/APuteaux-153-1-32-181.w82-124.abo.wanadoo. LAN DataSet
fr
82.124.187.173/APuteaux-153-1-25-173.w82-124.abo.wanad LAN DataSet
oo.fr
82.124.130.119/APuteaux-153-1-38-119.w82-124.abo.wanad LAN DataSet
8
73
8
54
8
49
oo.fr
82.124.51.130/APuteaux-153-1-5-130.w82-124.abo.wanadoo. LAN DataSet
fr
82.124.128.43/APuteaux-153-1-36-43.w82-124.abo.wanadoo. LAN DataSet
fr
External
8
43
8
37
80.132.75.196/p50844BC4.dip0.t-ipconnect.de
18
Domain Name Server
LAN DataSet
7
7
External
4
168.75.176.72
External
17
2
213.56.43.166/lo024927-gw.rain.fr
DMZ
17
2
isakmp
External
213.56.43.166/lo024927-gw.rain.fr
264
Destination Area
BGMP
3
External
internal
3
External
213.56.43.166/lo024927-gw.rain.fr
Report printed on Friday November 12, 2004 at 11:53
1
External
internal
1
© NetReport www.net-report.net
Page 38/46
Top 10 Blocked Services with their Top 10 Blocked Internal Users
October 2004
Service Comment
53
123
80
4662
Internal User
Domain Name Server
Source Area
1434
2234
Rule
121,696
192.168.0.201/D7
External
14
192.168.0.201/D7
External
internal
192.168.0.67/CARAMBOLE
External
14
Network Time Protocol
Total Hits
LAN DataSet
118,540
3,154
2
LAN DataSet
568
192.168.17.1/BOUZIGUES
External
19
285
192.168.1.1/BOUZIGUES
External
19
283
World Wide Web HTTP
LAN DataSet
62
192.168.0.202/PROXY
External
40
192.168.0.54/NR-FFBURTIN
External
11
192.168.0.61/KIWI
External
5
192.168.0.68
External
3
192.168.0.66/COMPTA
External
3
edonkey
LAN DataSet
192.168.0.68
21
Destination Area
File Transfer [Control]
34
External
34
LAN DataSet
20
192.168.0.51/TOMATE
DMZ
14
192.168.0.83/ABDEL
DMZ
3
192.168.0.68
External
2
192.168.0.54/NR-FFBURTIN
External
1
Microsoft-SQL-Monitor
LAN DataSet
9
192.168.111.1
External
19
8
192.168.44.1
External
19
1
DirectPlay
LAN DataSet
192.168.0.62/PATATE
Report printed on Friday November 12, 2004 at 11:53
6
External
6
© NetReport www.net-report.net
Page 39/46
Top 10 Blocked Services with their Top 10 Blocked Internal Users
October 2004
Service Comment
53
Internal User
Domain Name Server
Source Area
Rule
Total Hits
DMZ
203.162.14.80/www.netreport.fr
11024
Destination Area
6
External
internal
6
DMZ
203.162.14.80/www.netreport.fr
12442
5
External
19
5
DMZ
203.162.14.80/www.netreport.fr
Report printed on Friday November 12, 2004 at 11:53
5
External
19
5
© NetReport www.net-report.net
Page 40/46
Top 10 Blocked Services with their Top 10 Blocked Visitors
October 2004
Service Comment
445
2234
Visitor
Microsoft-DS
Source Area
Destination Area
Rule
Total Hits
External
16,421
82.127.168.133/ALille-151-1-10-133.w82-127.abo.wanadoo.fr External
19
99
82.127.228.118/ALille-151-2-5-118.w82-127.abo.wanadoo.fr
External
19
97
82.127.228.114/ALille-151-2-5-114.w82-127.abo.wanadoo.fr
External
19
83
82.127.165.109/ALille-151-1-7-109.w82-127.abo.wanadoo.fr
External
19
77
82.127.230.224/ALille-151-2-7-224.w82-127.abo.wanadoo.fr
External
19
75
82.127.164.239/ALille-151-1-6-239.w82-127.abo.wanadoo.fr
External
19
69
82.127.231.111/ALille-151-2-8-111.w82-127.abo.wanadoo.fr
External
19
67
82.127.233.71/ALille-151-1-24-71.w82-127.abo.wanadoo.fr
External
19
62
82.127.165.79/ALille-151-1-7-79.w82-127.abo.wanadoo.fr
External
19
60
82.127.175.167/ALille-151-1-17-167.w82-127.abo.wanadoo.fr External
19
57
DirectPlay
External
5,463
81.56.188.158/lns-p19-27f-81-56-188-158.adsl.proxad.NET
External
19
574
172.187.112.95/ACBB705F.ipt.aol.com
External
19
82
66.32.154.154/user-11216kq.dsl.mindspring.com
External
19
58
213.41.136.114/wanderland.org
External
19
46
68.164.15.25/h-68-164-15-25.chcgilgm.dynamic.covad.NET
External
19
28
200.64.114.124/dup-200-64-114-124.prodigy.net.mx
External
19
10
201.255.9.1
External
19
9
217.146.127.248/meridian2.adsl.wizards.co.uk
External
19
9
193.226.242.2/adsl1538.freestart.hu
External
19
7
200.64.114.143/dup-200-64-114-143.prodigy.net.mx
External
19
6
Report printed on Friday November 12, 2004 at 11:53
© NetReport www.net-report.net
Page 41/46
Top 10 Blocked Services with their Top 10 Blocked Visitors
October 2004
Service Comment
1434
1026
Visitor
Microsoft-SQL-Monitor
Source Area
Destination Area
Rule
Total Hits
External
1,974
81.251.213.44/AMontpellier-251-1-41-44.w81-251.abo.wanad External
oo.fr
83.113.111.140/AMontpellier-251-1-26-140.w83-113.abo.wan External
adoo.fr
81.16.238.5/81-16-239-5.lenet.lt
External
19
1,733
19
151
19
4
202.108.249.21
External
19
3
61.210.143.226/ntshga022226.shga.nt.ftth.ppp.infoweb.ne.jp External
19
3
61.233.159.248
External
19
3
193.6.242.149
External
19
2
211.137.99.250
External
19
2
220.218.135.69/usen-220x218x135x69.ap-US00.usen.ad.jp
External
19
2
61.150.85.167
External
19
2
Calender Access Protocol
External
174
206.225.84.43/206-225-84-43.dedicated.abac.NET
External
19
18
208.51.89.11
External
19
10
208.51.89.16
External
19
10
208.51.89.76
External
19
10
208.51.89.86
External
19
9
208.51.89.96
External
19
8
208.51.89.21
External
19
7
208.51.89.81
External
19
7
61.129.115.91
External
19
7
208.51.89.36
External
19
5
Report printed on Friday November 12, 2004 at 11:53
© NetReport www.net-report.net
Page 42/46
Top 10 Blocked Services with their Top 10 Blocked Visitors
October 2004
Service Comment
5554
113
Visitor
SGI ESP HTTP
Source Area
Destination Area
Rule
Total Hits
External
160
82.127.136.241/ALille-251-1-30-241.w82-127.abo.wanadoo.fr External
19
7
82.127.173.152/ALille-151-1-15-152.w82-127.abo.wanadoo.fr External
19
7
81.250.27.77/ALille-209-1-15-77.w81-250.abo.wanadoo.fr
External
19
6
82.127.147.119/ALille-251-1-5-119.w82-127.abo.wanadoo.fr
External
19
5
82.127.164.101/ALille-151-1-6-101.w82-127.abo.wanadoo.fr
External
19
5
82.127.219.193/ALille-251-2-5-193.w82-127.abo.wanadoo.fr
External
19
4
82.127.142.200/ALille-251-1-36-200.w82-127.abo.wanadoo.fr External
19
3
82.127.162.228/ALille-151-1-4-228.w82-127.abo.wanadoo.fr
External
19
3
82.127.194.209/ALille-251-1-40-209.w82-127.abo.wanadoo.fr External
19
3
82.127.196.206/ALille-251-1-42-206.w82-127.abo.wanadoo.fr External
19
3
Authentication Service
External
94
194.242.114.10/delta.easy-hebergement.NET
External
19
17
67.72.102.2/unknown.flatiron.NET
External
19
6
195.220.66.26
External
19
4
82.127.168.248/ALille-151-1-10-248.w82-127.abo.wanadoo.fr External
19
3
200.68.8.53/mail1.cesmec.cl
External
19
2
200.17.33.1/benfica.cefet-ce.br
External
19
2
195.113.20.5/smtp2.ms.mff.cuni.cz
External
19
2
211.125.64.73/www2.axel.co.jp
External
19
2
213.131.235.104/104.235.131.213.rev.inetbone.NET
External
19
2
82.127.163.31/ALille-151-1-5-31.w82-127.abo.wanadoo.fr
External
19
2
Report printed on Friday November 12, 2004 at 11:53
© NetReport www.net-report.net
Page 43/46
Top 10 Blocked Services with their Top 10 Blocked Visitors
October 2004
Service Comment
1027
80
Visitor
ExoSee
Source Area
Destination Area
Rule
Total Hits
External
87
61.129.115.91
External
19
7
69.50.177.27
External
19
2
195.128.51.176
External
19
1
195.126.172.238
External
19
1
195.126.125.232
External
19
1
195.125.197.198
External
19
1
195.114.154.95
External
19
1
195.113.22.54/X.troja.mff.cuni.cz
External
19
1
195.113.105.126/cl105126.osu.cz
External
19
1
195.112.71.122
External
19
1
World Wide Web HTTP
External
81
217.230.97.236/pD9E661EC.dip.t-dialin.NET
External
50
212.129.58.114
External
12
216.204.105.226/ipn36372-b75106.cidr.lightship.NET
External
3
195.67.10.238/
External
3
195.53.119.2
External
2
195.243.148.254
External
2
213.146.130.30/213-146-130-30-in-addr.intechnology.co.uk
External
2
69.19.34.66/dpc691934066.direcpc.COM
External
2
62.101.126.215/62-101-126-215.fastres.NET
External
1
213.42.2.25
External
1
Report printed on Friday November 12, 2004 at 11:53
© NetReport www.net-report.net
Page 44/46
Top 10 Blocked Services with their Top 10 Blocked Visitors
October 2004
Service Comment
9898
2745
Visitor
MonkeyCom
Source Area
Destination Area
Rule
Total Hits
External
60
218.91.47.23
External
19
1
218.87.135.242
External
19
1
218.254.130.146/cm218-254-130-146.hkcable.com.hk
External
19
1
218.25.128.152
External
19
1
218.229.232.3/hcou118003.catv.ppp.infoweb.ne.jp
External
19
1
218.191.186.161
External
19
1
218.18.42.242
External
19
1
218.178.136.139/YahooBB218178136139.bbtec.NET
External
19
1
218.154.254.238
External
19
1
218.103.251.96/n218103251096.netvigator.com
External
19
1
URBISNET
External
82.127.219.79/ALille-251-2-5-79.w82-127.abo.wanadoo.fr
49
External
19
5
82.127.132.168/ALille-251-1-26-168.w82-127.abo.wanadoo.fr External
19
2
82.127.128.22/ALille-251-1-22-22.w82-127.abo.wanadoo.fr
External
19
2
82.127.121.174/LNeuilly-152_22-2-174.w82-127.abo.wanado External
o.fr
82.127.135.69/ALille-251-1-29-69.w82-127.abo.wanadoo.fr
External
19
2
19
2
82.127.194.25/ALille-251-1-40-25.w82-127.abo.wanadoo.fr
External
19
2
82.127.234.105/ALille-151-1-23-105.w82-127.abo.wanadoo.fr External
19
2
82.127.154.18/ALille-251-1-12-18.w82-127.abo.wanadoo.fr
External
19
1
82.127.143.180/ALille-251-1-37-180.w82-127.abo.wanadoo.fr External
19
1
82.127.133.85/ALille-251-1-27-85.w82-127.abo.wanadoo.fr
19
1
Report printed on Friday November 12, 2004 at 11:53
External
© NetReport www.net-report.net
Page 45/46
Top 10 Users & Visitors Using the Greatest Variety of Services
October 2004
Internal Users
Accepted
Blocked
Distinct Services Number of Hits
Total
Distinct Services Number of Hits
Distinct Services Number of Hits
192.168.0.52/BOUZIGUES
7,936
20,726
64
64
8,000
20,790
192.168.0.61/KIWI
4,919
33,042
3
8
4,920
33,050
192.168.0.62/PATATE
2,524
13,719
2
7
2,525
13,726
192.168.0.53/CHIVAS
2,286
4,474
2,286
4,474
192.168.0.201/D7
1,657
227,602
1,658
349,301
192.168.0.65/SKIPPER
1,033
1,259
1,033
1,259
192.168.0.69
542
2,445
542
2,445
192.168.0.54/NR-FFBURTIN
446
10,495
3
14
446
10,509
192.168.0.68
418
62,827
6
46
418
62,873
192.168.0.51/TOMATE
285
8,897
1
14
285
8,911
External Visitors
Accepted
5
121,699
Blocked
Distinct Services Number of Hits
213.56.43.166/lo024927-gw.rain.fr
3
11
Total
Distinct Services Number of Hits
Distinct Services Number of Hits
964
965
969
976
64.233.161.99
74
123
74
123
64.233.161.104
70
125
70
125
64.4.12.201/echo-v2.msgr.hotmail.com
51
51
51
51
213.156.52.112/213-156-52-112.fastres.NET
1
26
30
30
31
56
81.208.74.176/81-208-74-176.fastres.NET
1
4
30
30
31
34
83.113.239.216/AMontpellier-251-1-17-216.w83-113.abo.wanadoo.fr
18
18
18
18
209.171.52.99/www.codeproject.COM
17
17
17
17
81.69.254.248/bml-1e0f8.adsl.wanadoo.nl
14
14
14
14
81.77.232.41/user-2089.l4.c1.dsl.pol.co.uk
14
14
14
14
Report printed on Friday November 12, 2004 at 11:53
© NetReport www.net-report.net
Page 46/46

Similar documents

2024 © doczz.net
About us | DMCA / GDPR | Abuse