TCP TCP TCP fin TCP NULL UDP ICMP Unreachable finger phf nph-test-cgi php ftp 18 1


TCP TCP TCP fin TCP NULL UDP ICMP Unreachable finger phf nph-test-cgi php ftp http smtp VRFY,EXPN smtp OOB SYN FLOOD Land Teardrop Smurf UDP Flood F Malformed HTTP Request Header Connection Flood rpc.sadmind rpc.sadmind Malformed HTR Request Malformed HTR Request

TCP TCP TCP fin TCP NULL UDP ICMP Unreachable finger ftp http smtp VRFY,EXPN smtp Smurf UDP Flood Malformed HTTP Request Header rpc.sadmind rpc.sadmind Malformed HTR Request Malformed HTR Request

3 RealSecure Network Engine RealSecure System Agent

1

1.1 TCP

RealSecure Network Engine 1

ID,EventDate,EventName,ProtocolID,SourcePort,DestinationPort,SourcePortName,DestinationPortName,SourceAddress,DestinationAddress,SourceAddressName,DestinationAddressName,TCPFlags,ICMPType,ICMPCode,EventPriority,KillActionSpecified,SourceEthernetAddr,SourceEthernetVendor,DestinationEthernetAddr,DestinationEthernetVendor,RawDataLen,RawData,DecodePairCount,EngineIP,Pulled,EngineType

1.1.2 RealSecure Network Engine 2

ID,EventDate,EventName,ProtocolID,SourcePort,DestinationPort,SourcePortName,DestinationPortName,SourceAddress,DestinationAddress,SourceAddressName,DestinationAddressName,TCPFlags,ICMPType,ICMPCode,EventPriority,KillActionSpecified,SourceEthernetAddr,SourceEthernetVendor,DestinationEthernetAddr,DestinationEthernetVendor,RawDataLen,RawData,DecodePairCount,EngineIP,Pulled,EngineType
14410,2000/3/ ,Port_Scan,6,1780,204,1780,204, , , , ,,,,1,FALSE, CE6,, EEA,,0,,0, ,FALSE,
,2000/3/ ,Port_Scan,6,3291,8,3291,8, , , , ,,,,1,FALSE, CE6,,00C02626E505,,0,,0, ,FALSE,

FireWall-1

No Date Time Inter. Origin Type Action Service Source Destination Proto. Rule S_Port User SrcKeyID DstKeyID XlateSrc XlateDst XLateSPort XlateDPort Info.

RealSecure System Agent

Syslog

Mar mail sendmail[348] SMTP connect from IDENTroot@ipa3 [ ] ( )
Mar mail sendmail[348] NOQUEUE --> 220 mail.dmz.local ESMTP Sendmail 8.9.3/3.7W; Tue, 14 Mar (JST)
Mar mail sendmail[348] NOQUEUE --> 421 mail.dmz.local Lost input channel from IDENTroot@ipa3 [ ]
Mar mail sendmail[348] NOQUEUE Null connection from IDENTroot@ipa3 [ ]

1.2 TCP

RealSecure Network Engine 1

1.2.2 RealSecure Network Engine 2

ID,EventDate,EventName,ProtocolID,SourcePort,DestinationPort,SourcePortName,DestinationPortName,SourceAddress,DestinationAddress,SourceAddressName,DestinationAddressName,TCPFlags,ICMPType,ICMPCode,EventPriority,KillActionSpecified,SourceEthernetAddr,SourceEthernetVendor,DestinationEthernetAddr,DestinationEthernetVendor,RawDataLen,RawData,DecodePairCount,EngineIP,Pulled,EngineType
14412,2000/3/ ,Port_Scan,6,34680,945,34680,945, , , , ,,,,1,FALSE, CE6,,00C02626E505,,0,,0, ,FALSE,

FireWall-1

RealSecure System Agent

Syslog

1.3 TCP fin

RealSecure Network Engine 1

ID,EventDate,EventName,ProtocolID,SourcePort,DestinationPort,SourcePortName,DestinationPortName,SourceAddress,DestinationAddress,SourceAddressName,DestinationAddressName,TCPFlags,ICMPType,ICMPCode,EventPriority,KillActionSpecified,SourceEthernetAddr,SourceEthernetVendor,DestinationEthernetAddr,DestinationEthernetVendor,RawDataLen,RawData,DecodePairCount,EngineIP,Pulled,EngineType
2099,2000/3/ ,Port_Scan,6,43662,131,43662,131, , , , ,,,,1,FALSE,00C0F6B30F12,, CE8,,0,,0, ,FALSE,0
2100,2000/3/ ,Port_Scan,6,57854,289,57854,289, , , , ,,,,1,FALSE,00C0F6B30F12,, CE8,,0,,0, ,FALSE,0
2101,2000/3/ ,Port_Scan,6,43840,208,43840,208, , , , ,,,,1,FALSE,00C0F6B30F12,, CE8,,0,,0, ,FALSE,0

1.3.2 RealSecure Network Engine 2

ID,EventDate,EventName,ProtocolID,SourcePort,DestinationPort,SourcePortName,DestinationPortName,SourceAddress,DestinationAddress,SourceAddressName,DestinationAddressName,TCPFlags,ICMPType,ICMPCode,EventPriority,KillActionSpecified,SourceEthernetAddr,SourceEthernetVendor,DestinationEthernetAddr,DestinationEthernetVendor,RawDataLen,RawData,DecodePairCount,EngineIP,Pulled,EngineType
14413,2000/3/ ,Port_Scan,6,43662,131,43662,131, , , , ,,,,1,FALSE, CE6,, EEA,,0,,0, ,FALSE,
,2000/3/ ,Port_Scan,6,57854,289,57854,289, , , , ,,,,1,FALSE, CE6,,00C02626E505,,0,,0, ,FALSE,

FireWall-1

RealSecure System Agent

Syslog

1.4 TCP NULL

RealSecure Network Engine 1

1.4.2 RealSecure Network Engine 2

1.4.3 FireWall-1

RealSecure System Agent

Syslog

1.5 UDP ICMP Unreachable

RealSecure Network Engine 1

ID,EventDate,EventName,ProtocolID,SourcePort,DestinationPort,SourcePortName,DestinationPortName,SourceAddress,DestinationAddress,SourceAddressName,DestinationAddressName,TCPFlags,ICMPType,ICMPCode,EventPriority,KillActionSpecified,SourceEthernetAddr,SourceEthernetVendor,DestinationEthernetAddr,DestinationEthernetVendor,RawDataLen,RawData,DecodePairCount,EngineIP,Pulled,EngineType
11133,2000/3/ ,UDP_Port_Scan,17,53173,497,53173,497, , , , ,,,,1,FALSE,00C0F6B30F12,, CE8,,0,,0, ,FALSE,
,2000/3/ ,UDP_Port_Scan,17,53173,271,53173,271, , , , ,,,,1,FALSE,00C0F6B30F12,, CE8,,0,,0, ,FALSE,
,2000/3/ ,UDP_Port_Scan,17,46019,778,46019,778, , , , ,,,,1,FALSE,00C0F6B30F12,, CE8,,0,,0, ,FALSE,
,2000/3/ ,UDP_Port_Scan,17,40078,391,40078,391, , , , ,,,,1,FALSE,00C0F6B30F12,, CE8,,0,,0, ,FALSE,
,2000/3/ ,UDP_Port_Scan,17,53385,261,53385,261, , , , ,,,,1,FALSE,00C0F6B30F12,, CE8,,0,,0, ,FALSE,
,2000/3/ ,UDP_Port_Scan,17,43605,676,43605,676, , , , ,,,,1,FALSE,00C0F6B30F12,, CE8,,0,,0, ,FALSE,

RealSecure Network Engine 2

ID,EventDate,EventName,ProtocolID,SourcePort,DestinationPort,SourcePortName,DestinationPortName,SourceAddress,DestinationAddress,SourceAddressName,DestinationAddressName,TCPFlags,ICMPType,ICMPCode,EventPriority,KillActionSpecified,SourceEthernetAddr,SourceEthernetVendor,DestinationEthernetAddr,DestinationEthernetVendor,RawDataLen,RawData,DecodePairCount,EngineIP,Pulled,EngineType
17522,2000/3/ ,UDP_Port_Scan,17,53173,497,53173,497, , , , ,,,,1,FALSE, CE6,, EEA,,0,,0, ,FALSE,
,2000/3/ ,UDP_Port_Scan,17,46019,778,46019,778, , , , ,,,,1,FALSE, CE6,,00C02626E505,,0,,0, ,FALSE,
,2000/3/ ,UDP_Port_Scan,17,40078,391,40078,391, , , , ,,,,1,FALSE, CE6,, EEA,,0,,0, ,FALSE,0

1.5.3 FireWall-1

RealSecure System Agent

Syslog

1.6 finger

RealSecure Network Engine

RealSecure Network Engine

FireWall-1

No Date Time Inter. Origin Type Action Service Source Destination Proto. Rule S_Port User SrcKeyID DstKeyID XlateSrc XlateDst XLateSPort XlateDPort Info.
"28962" "14Mar2000" "144045" "nei0" "fw" "log" "accept" "finger" "ipa3" "dmz-mail" "tcp" "4" "1522" "" "" "" "" "" "" "" " len 60"
"28963" "14Mar2000" "144103" "nei0" "fw" "log" "accept" "finger" "ipa3" "dmz-mail" "tcp" "4" "1523" "" "" "" "" "" "" "" " len 60"
"28964" "14Mar2000" "144113" "nei0" "fw" "log" "accept" "finger" "ipa3" "dmz-www" "tcp" "5" "ingreslock" "" "" "" "" "" "" "" " len 60"
"28965" "14Mar2000" "144123" "nei0" "fw" "log" "accept" "finger" "ipa3" "dmz-www" "tcp" "5" "1525" "" "" "" "" "" "" "" " len 60"

RealSecure System Agent

Syslog

1.7 phf

RealSecure Network Engine 1

ID,EventDate,EventName,ProtocolID,SourcePort,DestinationPort,SourcePortName,DestinationPortName,SourceAddress,DestinationAddress,SourceAddressName,DestinationAddressName,TCPFlags,ICMPType,ICMPCode,EventPriority,KillActionSpecified,SourceEthernetAddr,SourceEthernetVendor,DestinationEthernetAddr,DestinationEthernetVendor,RawDataLen,RawData,DecodePairCount,EngineIP,Pulled,EngineType
11546,2000/3/ ,HTTP_PHF,6,1526,80,1526,HTTP, , , , ,,,,1,FALSE,00C0F6B30F12,, CE8,,0,,1, ,FALSE,
,2000/3/ ,HTTP_Unix_Passwords,6,1526,80,1526,HTTP, , , , ,,,,1,FALSE,00C0F6B30F12,, CE8,,0,,1, ,FALSE,
,2000/3/ ,HTTP_PHF,6,1527,80,1527,HTTP, , , , ,,,,1,FALSE,00C0F6B30F12,, CE8,,0,,1, ,FALSE,
,2000/3/ ,HTTP_Unix_Passwords,6,1527,80,1527,HTTP, , , , ,,,,1,FALSE,00C0F6B30F12,, CE8,,0,,1, ,FALSE,

RealSecure Network Engine 2

ID,EventDate,EventName,ProtocolID,SourcePort,DestinationPort,SourcePortName,DestinationPortName,SourceAddress,DestinationAddress,SourceAddressName,DestinationAddressName,TCPFlags,ICMPType,ICMPCode,EventPriority,KillActionSpecified,SourceEthernetAddr,SourceEthernetVendor,DestinationEthernetAddr,DestinationEthernetVendor,RawDataLen,RawData,DecodePairCount,EngineIP,Pulled,EngineType
17541,2000/3/ ,HTTP_PHF,6,1526,80,1526,HTTP, , , , ,,,,1,FALSE, CE6,, EEA,,0,,1, ,FALSE,
,2000/3/ ,HTTP_Unix_Passwords,6,1526,80,1526,HTTP, , , , ,,,,1,FALSE, CE6,, EEA,,0,,1, ,FALSE,
,2000/3/ ,HTTP_PHF,6,1527,80,1527,HTTP, , , , ,,,,1,FALSE, CE6,,00C02626E505,,0,,1, ,FALSE,
,2000/3/ ,HTTP_Unix_Passwords,6,1527,80,1527,HTTP, , , , ,,,,1,FALSE, CE6,,00C02626E505,,0,,1, ,FALSE,

FireWall-1

No Date Time Inter. Origin Type Action Service Source Destination Proto. Rule S_Port User SrcKeyID DstKeyID XlateSrc XlateDst XLateSPort XlateDPort Info.
"28974" "14Mar2000" "144330" "nei0" "fw" "log" "accept" "http" "ipa3" "dmz-mail" "tcp" "4" "1526" "" "" "" "" "" "" "" " len 60"
"28975" "14Mar2000" "144415" "nei0" "fw" "log" "accept" "http" "ipa3" "dmz-www" "tcp" "5" "1527" "" "" "" "" "" "" "" " len 60"

RealSecure System Agent

Syslog

Apache

[14/Mar/ ] "GET /cgi-bin/phf?q=%0acat%20/etc/passwd"

IIS

, -, 00/03/14, , W3SVC1, WWW, , 20, 41, 611, 404, 2, GET, /cgi-bin/phf, Q=%0Acat%20/etc/passwd,

1.8 nph-test-cgi

RealSecure Network Engine 1
ID,EventDate,EventName,ProtocolID,SourcePort,DestinationPort,SourcePortName,DestinationPortName,SourceAddress,DestinationAddress,SourceAddressName,DestinationAddressName,TCPFlags,ICMPType,ICMPCode,EventPriority,KillActionSpecified,SourceEthernetAddr,SourceEthernetVendor,DestinationEthernetAddr,DestinationEthernetVendor,RawDataLen,RawData,DecodePairCount,EngineIP,Pulled,EngineType
11550,2000/3/ ,HTTP_NphTestCgi,6,1528,80,1528,HTTP, , , , ,,,,1,FALSE,00C0F6B30F12,, CE8,,0,,1, ,FALSE,

RealSecure Network Engine 2
ID,EventDate,EventName,ProtocolID,SourcePort,DestinationPort,SourcePortName,DestinationPortName,SourceAddress,DestinationAddress,SourceAddressName,DestinationAddressName,TCPFlags,ICMPType,ICMPCode,EventPriority,KillActionSpecified,SourceEthernetAddr,SourceEthernetVendor,DestinationEthernetAddr,DestinationEthernetVendor,RawDataLen,RawData,DecodePairCount,EngineIP,Pulled,EngineType
17545,2000/3/ ,HTTP_NphTestCgi,6,1528,80,1528,HTTP, , , , ,,,,1,FALSE, CE6,, EEA,,0,,1, ,FALSE,0

1.8.3 FireWall-1
No Date Time Inter. Origin Type Action Service Source Destination Proto. Rule S_Port User SrcKeyID DstKeyID XlateSrc XlateDst XLateSPort XlateDPort Info.
"28979" "14Mar2000" "144525" "nei0" "fw" "log" "accept" "http" "ipa3" "dmz-mail" "tcp" "4" "1528" "" "" "" "" "" "" "" " len 60"

RealSecure System Agent

Syslog, Apache
[09/Mar/ ] "GET /cgi-bin/nph-test-cgi?/* HTTP/1.1"

1.9 php

RealSecure Network Engine
,2000/3/ ,HTTP_PHP_Read,6,1529,80,1529,HTTP, , , , ,,,,1,FALSE,00C0F6B30F12,, CE8,,0,,1, ,FALSE,
,2000/3/ ,HTTP_Unix_Passwords,6,1529,80,1529,HTTP, , , , ,,,,1,FALSE,00C0F6B30F12,, CE8,,0,,1, ,FALSE,

RealSecure Network Engine
,2000/3/ ,HTTP_PHP_Read,6,1529,80,1529,HTTP, , , , ,,,,1,FALSE, CE6,, EEA,,0,,1, ,FALSE,
,2000/3/ ,HTTP_Unix_Passwords,6,1529,80,1529,HTTP, , , , ,,,,1,FALSE, CE6,, EEA,,0,,1, ,FALSE,

FireWall-1
No Date Time Inter. Origin Type Action Service Source Destination Proto. Rule S_Port User SrcKeyID DstKeyID XlateSrc XlateDst XLateSPort XlateDPort Info.
"28980" "14Mar2000" "144542" "nei0" "fw" "log" "accept" "http" "ipa3" "dmz-mail" "tcp" "4" "1529" "" "" "" "" "" "" "" " len 60"

RealSecure System Agent

1.9.5 Syslog, Apache
[09/Mar/ ] "GET /cgi-bin/php.cgi?/etc/passwd HTTP/1.1"

1.10 ftp

RealSecure Network Engine 1
ID,EventDate,EventName,ProtocolID,SourcePort,DestinationPort,SourcePortName,DestinationPortName,SourceAddress,DestinationAddress,SourceAddressName,DestinationAddressName,TCPFlags,ICMPType,ICMPCode,EventPriority,KillActionSpecified,SourceEthernetAddr,SourceEthernetVendor,DestinationEthernetAddr,DestinationEthernetVendor,RawDataLen,RawData,DecodePairCount,EngineIP,Pulled,EngineType
11553,2000/3/ ,FTP_Syst,6,1532,21,1532,FTP, , , , ,,,,3,FALSE,00C0F6B30F12,, CE8,, 0,,0, ,FALSE,
,2000/3/ ,FTP_Syst,6,1533,21,1533,FTP, , , , ,,,,3,FALSE,00C0F6B30F12,, CE8,, 0,,0, ,FALSE,
,2000/3/ ,FTP_Syst,6,1534,21,1534,FTP, , , , ,,,,3,FALSE,00C0F6B30F12,, CE8,, 0,,0, ,FALSE,
,2000/3/ ,FTP_Syst,6,1535,21,1535,FTP, , , , ,,,,3,FALSE,00C0F6B30F12,, CE8,, 0,,0, ,FALSE,
,2000/3/ ,FTP_Syst,6,1536,21,1536,FTP, , , , ,,,,3,FALSE,00C0F6B30F12,, CE8,, 0,,0, ,FALSE,
,2000/3/ ,FTP_Syst,6,1537,21,1537,FTP, , , , ,,,,3,FALSE,00C0F6B30F12,, CE8,, 0,,0, ,FALSE,
,2000/3/ ,FTP_Syst,6,1538,21,1538,FTP, , , , ,,,,3,FALSE,00C0F6B30F12,, CE8,, 0,,0, ,FALSE,
,2000/3/ ,FTP_Syst,6,1539,21,1539,FTP, , , , ,,,,3,FALSE,00C0F6B30F12,, CE8,, 0,,0, ,FALSE,
,2000/3/ ,FTP_Syst,6,1540,21,1540,FTP, , , , ,,,,3,FALSE,00C0F6B30F12,, CE8,, 0,,0, ,FALSE,
,2000/3/ ,FTP_Syst,6,1541,21,1541,FTP, , , , ,,,,3,FALSE,00C0F6B30F12,, CE8,, 0,,0, ,FALSE,0
(snip 222 records)
11783,2000/3/ ,FTP_Syst,6,1762,21,1762,FTP, , , , ,,,,3,FALSE,00C0F6B30F12,, CE8,, 0,,0, ,FALSE,
,2000/3/ ,FTP_Syst,6,1763,21,1763,FTP, , , , ,,,,3,FALSE,00C0F6B30F12,, CE8,, 0,,0, ,FALSE,
,2000/3/ ,FTP_Syst,6,1764,21,1764,FTP, , , , ,,,,3,FALSE,00C0F6B30F12,, CE8,, 0,,0, ,FALSE,
,2000/3/ ,FTP_Syst,6,1765,21,1765,FTP, , , , ,,,,3,FALSE,00C0F6B30F12,, CE8,, 0,,0, ,FALSE,
,2000/3/ ,FTP_Syst,6,1766,21,1766,FTP, , , , ,,,,3,FALSE,00C0F6B30F12,, CE8,, 0,,0, ,FALSE,
,2000/3/ ,FTP_Syst,6,1767,21,1767,FTP, , , , ,,,,3,FALSE,00C0F6B30F12,, CE8,, 0,,0, ,FALSE,
,2000/3/ ,FTP_Syst,6,1768,21,1768,FTP, , , , ,,,,3,FALSE,00C0F6B30F12,, CE8,, 0,,0, ,FALSE,
,2000/3/ ,FTP_Syst,6,1769,21,1769,FTP, , , , ,,,,3,FALSE,00C0F6B30F12,, CE8,, 0,,0, ,FALSE,
,2000/3/ ,FTP_Syst,6,1770,21,1770,FTP, , , , ,,,,3,FALSE,00C0F6B30F12,, CE8,, 0,,0, ,FALSE,
,2000/3/ ,FTP_Syst,6,1771,21,1771,FTP, , , , ,,,,3,FALSE,00C0F6B30F12,, CE8,, 0,,0, ,FALSE,
,2000/3/ ,FTP_Syst,6,1772,21,1772,FTP, , , , ,,,,3,FALSE,00C0F6B30F12,, CE8,, 0,,0, ,FALSE,
,2000/3/ ,FTP_Syst,6,1773,21,1773,FTP, , , , ,,,,3,FALSE,00C0F6B30F12,, CE8,, 0,,0, ,FALSE,0


RealSecure Network Engine 2
ID,EventDate,EventName,ProtocolID,SourcePort,DestinationPort,SourcePortName,DestinationPortName,SourceAddress,DestinationAddress,SourceAddressName,DestinationAddressName,TCPFlags,ICMPType,ICMPCode,EventPriority,KillActionSpecified,SourceEthernetAddr,SourceEthernetVendor,DestinationEthernetAddr,DestinationEthernetVendor,RawDataLen,RawData,DecodePairCount,EngineIP,Pulled,EngineType
17548,2000/3/ ,FTP_Syst,6,1532,21,1532,FTP, , , , ,,,,3,FALSE, CE6,, EEA,, 0,,0, ,FALSE,
,2000/3/ ,FTP_Syst,6,1533,21,1533,FTP, , , , ,,,,3,FALSE, CE6,, EEA,, 0,,0, ,FALSE,
,2000/3/ ,FTP_Syst,6,1534,21,1534,FTP, , , , ,,,,3,FALSE, CE6,, EEA,, 0,,0, ,FALSE,
,2000/3/ ,FTP_Syst,6,1535,21,1535,FTP, , , , ,,,,3,FALSE, CE6,, EEA,, 0,,0, ,FALSE,
,2000/3/ ,FTP_Syst,6,1536,21,1536,FTP, , , , ,,,,3,FALSE, CE6,, EEA,, 0,,0, ,FALSE,
,2000/3/ ,FTP_Syst,6,1537,21,1537,FTP, , , , ,,,,3,FALSE, CE6,, EEA,, 0,,0, ,FALSE,
,2000/3/ ,FTP_Syst,6,1538,21,1538,FTP, , , , ,,,,3,FALSE, CE6,, EEA,, 0,,0, ,FALSE,
,2000/3/ ,FTP_Syst,6,1539,21,1539,FTP, , , , ,,,,3,FALSE, CE6,, EEA,, 0,,0, ,FALSE,
,2000/3/ ,FTP_Syst,6,1540,21,1540,FTP, , , , ,,,,3,FALSE, CE6,, EEA,, 0,,0, ,FALSE,
,2000/3/ ,FTP_Syst,6,1541,21,1541,FTP, , , , ,,,,3,FALSE, CE6,, EEA,, 0,,0, ,FALSE,0
(snip 222 records)
17780,2000/3/ ,FTP_Syst,6,1764,21,1764,FTP, , , , ,,,,3,FALSE, CE6,,00C02626E505,, 0,,0, ,FALSE,
,2000/3/ ,FTP_Syst,6,1765,21,1765,FTP, , , , ,,,,3,FALSE, CE6,,00C02626E505,, 0,,0, ,FALSE,
,2000/3/ ,FTP_Syst,6,1766,21,1766,FTP, , , , ,,,,3,FALSE, CE6,,00C02626E505,, 0,,0, ,FALSE,
,2000/3/ ,FTP_Syst,6,1767,21,1767,FTP, , , , ,,,,3,FALSE, CE6,,00C02626E505,, 0,,0, ,FALSE,
,2000/3/ ,FTP_Syst,6,1768,21,1768,FTP, , , , ,,,,3,FALSE, CE6,,00C02626E505,, 0,,0, ,FALSE,
,2000/3/ ,FTP_Syst,6,1769,21,1769,FTP, , , , ,,,,3,FALSE, CE6,,00C02626E505,, 0,,0, ,FALSE,
,2000/3/ ,FTP_Syst,6,1770,21,1770,FTP, , , , ,,,,3,FALSE, CE6,,00C02626E505,, 0,,0, ,FALSE,
,2000/3/ ,FTP_Syst,6,1771,21,1771,FTP, , , , ,,,,3,FALSE, CE6,,00C02626E505,, 0,,0, ,FALSE,
,2000/3/ ,FTP_Syst,6,1772,21,1772,FTP, , , , ,,,,3,FALSE, CE6,,00C02626E505,, 0,,0, ,FALSE,
,2000/3/ ,FTP_Syst,6,1773,21,1773,FTP, , , , ,,,,3,FALSE, CE6,,00C02626E505,, 0,,0, ,FALSE,0
