
1
  1.1 TCP
  1.2 TCP
  1.3 TCP fin
  1.4 TCP NULL
  1.5 UDP ICMP Unreachable
  1.6 finger
  1.7 phf
  1.8 nph-test-cgi
  1.9 php
  1.10 ftp
  1.11 http
  1.12 smtp VRFY,EXPN
  1.13 smtp
  1.14 OOB
  1.15 SYN FLOOD
  1.16 Land
  1.17 Teardrop
  1.18 Smurf
  1.19 UDP Flood F
  1.20 Malformed HTTP Request Header
  1.21 Connection Flood
  1.22 rpc.sadmind
  1.23 rpc.sadmind
  1.24 Malformed HTR Request
  1.25 Malformed HTR Request
2
  2.1 TCP
  2.2 TCP
  2.3 TCP fin
  2.4 TCP NULL
  2.5 UDP ICMP Unreachable
  2.6 finger
  2.7 ftp
  2.8 http
  2.9 smtp VRFY,EXPN
  2.10 smtp
  2.11 Smurf
  2.12 UDP Flood
  2.13 Malformed HTTP Request Header
  2.14 rpc.sadmind
  2.15 rpc.sadmind
  2.16 Malformed HTR Request
  2.17 Malformed HTR Request
3 RealSecure Network Engine
4 RealSecure System Agent

1

1.1 TCP

1.1.1 RealSecure Network Engine 1

ID,EventDate,EventName,ProtocolID,SourcePort,DestinationPort,SourcePortName,DestinationPortName,SourceAddress,DestinationAddress,SourceAddressName,DestinationAddressName,TCPFlags,ICMPType,ICMPCode,EventPriority,KillActionSpecified,SourceEthernetAddr,SourceEthernetVendor,DestinationEthernetAddr,DestinationEthernetVendor,RawDataLen,RawData,DecodePairCount,EngineIP,Pulled,EngineType

1.1.2 RealSecure Network Engine 2

ID,EventDate,EventName,ProtocolID,SourcePort,DestinationPort,SourcePortName,DestinationPortName,SourceAddress,DestinationAddress,SourceAddressName,DestinationAddressName,TCPFlags,ICMPType,ICMPCode,EventPriority,KillActionSpecified,SourceEthernetAddr,SourceEthernetVendor,DestinationEthernetAddr,DestinationEthernetVendor,RawDataLen,RawData,DecodePairCount,EngineIP,Pulled,EngineType
14410,2000/3/14 130700,Port_Scan,6,1780,204,1780,204,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,002018645CE6,,080020761EEA,,0,,0,192.168.20.11,FALSE,0
14411,2000/3/14 130720,Port_Scan,6,3291,8,3291,8,1728123052,51685568,172.16.1.103,192.168.20.3,,,,1,FALSE,002018645CE6,,00C02626E505,,0,,0,192.168.20.11,FALSE,0

1.1.3 FireWall-1

No Date Time Inter. Origin Type Action Service Source Destination Proto. Rule S_Port User SrcKeyID DstKeyID XlateSrc XlateDst XLateSPort XlateDPort Info.

1.1.4 RealSecure System Agent

1.1.5 Syslog

Mar 14 130702 mail sendmail[348] SMTP connect from IDENTroot@ipa3 [172.16.1.103] (172.16.1.103)
Mar 14 130702 mail sendmail[348] NOQUEUE --> 220 mail.dmz.local ESMTP Sendmail 8.9.3/3.7W; Tue, 14 Mar 2000 130702 +0900 (JST)
Mar 14 130702 mail sendmail[348] NOQUEUE --> 421 mail.dmz.local Lost input channel from IDENTroot@ipa3 [172.16.1.103]
Mar 14 130702 mail sendmail[348] NOQUEUE Null connection from IDENTroot@ipa3 [172.16.1.103]

1.2 TCP

1.2.1 RealSecure Network Engine 1

ID,EventDate,EventName,ProtocolID,SourcePort,DestinationPort,SourcePortName,DestinationPortName,SourceAddress,DestinationAddress,SourceAddressName,DestinationAddressName,TCPFlags,ICMPType,ICMPCode,EventPriority,KillActionSpecified,SourceEthernetAddr,SourceEthernetVendor,DestinationEthernetAddr,DestinationEthernetVendor,RawDataLen,RawData,DecodePairCount,EngineIP,Pulled,EngineType

1.2.2 RealSecure Network Engine 2

ID,EventDate,EventName,ProtocolID,SourcePort,DestinationPort,SourcePortName,DestinationPortName,SourceAddress,DestinationAddress,SourceAddressName,DestinationAddressName,TCPFlags,ICMPType,ICMPCode,EventPriority,KillActionSpecified,SourceEthernetAddr,SourceEthernetVendor,DestinationEthernetAddr,DestinationEthernetVendor,RawDataLen,RawData,DecodePairCount,EngineIP,Pulled,EngineType
14412,2000/3/14 131151,Port_Scan,6,34680,945,34680,945,1728123052,51685568,172.16.1.103,192.168.20.3,,,,1,FALSE,002018645CE6,,00C02626E505,,0,,0,192.168.20.11,FALSE,0

1.2.3 FireWall-1

No Date Time Inter. Origin Type Action Service Source Destination Proto. Rule S_Port User SrcKeyID DstKeyID XlateSrc XlateDst XLateSPort XlateDPort Info.

1.2.4 RealSecure System Agent

1.2.5 Syslog,

1.3 TCP fin

1.3.1 RealSecure Network Engine 1

ID,EventDate,EventName,ProtocolID,SourcePort,DestinationPort,SourcePortName,DestinationPortName,SourceAddress,DestinationAddress,SourceAddressName,DestinationAddressName,TCPFlags,ICMPType,ICMPCode,EventPriority,KillActionSpecified,SourceEthernetAddr,SourceEthernetVendor,DestinationEthernetAddr,DestinationEthernetVendor,RawDataLen,RawData,DecodePairCount,EngineIP,Pulled,EngineType
2099,2000/3/14 131515,Port_Scan,6,43662,131,43662,131,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,0,192.168.10.11,FALSE,0
2100,2000/3/14 131532,Port_Scan,6,57854,289,57854,289,1728123052,51685568,172.16.1.103,192.168.20.3,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,0,192.168.10.11,FALSE,0
2101,2000/3/14 131548,Port_Scan,6,43840,208,43840,208,1728123052,169126080,172.16.1.103,192.168.20.10,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,0,192.168.10.11,FALSE,0

1.3.2 RealSecure Network Engine 2

ID,EventDate,EventName,ProtocolID,SourcePort,DestinationPort,SourcePortName,DestinationPortName,SourceAddress,DestinationAddress,SourceAddressName,DestinationAddressName,TCPFlags,ICMPType,ICMPCode,EventPriority,KillActionSpecified,SourceEthernetAddr,SourceEthernetVendor,DestinationEthernetAddr,DestinationEthernetVendor,RawDataLen,RawData,DecodePairCount,EngineIP,Pulled,EngineType
14413,2000/3/14 131515,Port_Scan,6,43662,131,43662,131,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,002018645CE6,,080020761EEA,,0,,0,192.168.20.11,FALSE,0
14414,2000/3/14 131532,Port_Scan,6,57854,289,57854,289,1728123052,51685568,172.16.1.103,192.168.20.3,,,,1,FALSE,002018645CE6,,00C02626E505,,0,,0,192.168.20.11,FALSE,0

1.3.3 FireWall-1

No Date Time Inter. Origin Type Action Service Source Destination Proto. Rule S_Port User SrcKeyID DstKeyID XlateSrc XlateDst XLateSPort XlateDPort Info.

1.3.4 RealSecure System Agent

1.3.5 Syslog,

1.4 TCP NULL

1.4.1 RealSecure Network Engine 1

ID,EventDate,EventName,ProtocolID,SourcePort,DestinationPort,SourcePortName,DestinationPortName,SourceAddress,DestinationAddress,SourceAddressName,DestinationAddressName,TCPFlags,ICMPType,ICMPCode,EventPriority,KillActionSpecified,SourceEthernetAddr,SourceEthernetVendor,DestinationEthernetAddr,DestinationEthernetVendor,RawDataLen,RawData,DecodePairCount,EngineIP,Pulled,EngineType

1.4.2 RealSecure Network Engine 2

ID,EventDate,EventName,ProtocolID,SourcePort,DestinationPort,SourcePortName,DestinationPortName,SourceAddress,DestinationAddress,SourceAddressName,DestinationAddressName,TCPFlags,ICMPType,ICMPCode,EventPriority,KillActionSpecified,SourceEthernetAddr,SourceEthernetVendor,DestinationEthernetAddr,DestinationEthernetVendor,RawDataLen,RawData,DecodePairCount,EngineIP,Pulled,EngineType

1.4.3 FireWall-1

No Date Time Inter. Origin Type Action Service Source Destination Proto. Rule S_Port User SrcKeyID DstKeyID XlateSrc XlateDst XLateSPort XlateDPort Info.

1.4.4 RealSecure System Agent

1.4.5 Syslog,

1.5 UDP ICMP Unreachable

1.5.1 RealSecure Network Engine 1
ID,EventDate,EventName,ProtocolID,SourcePort,DestinationPort,SourcePortName,DestinationPortName,SourceAddress,DestinationAddress,SourceAddressName,DestinationAddressName,TCPFlags,ICMPType,ICMPCode,EventPriority,KillActionSpecified,SourceEthernetAddr,SourceEthernetVendor,DestinationEthernetAddr,DestinationEthernetVendor,RawDataLen,RawData,DecodePairCount,EngineIP,Pulled,EngineType
11133,2000/3/14 132524,UDP_Port_Scan,17,53173,497,53173,497,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,0,192.168.10.11,FALSE,0
11134,2000/3/14 133659,UDP_Port_Scan,17,53173,271,53173,271,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,0,192.168.10.11,FALSE,0
11135,2000/3/14 135141,UDP_Port_Scan,17,46019,778,46019,778,1728123052,51685568,172.16.1.103,192.168.20.3,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,0,192.168.10.11,FALSE,0
11136,2000/3/14 135211,UDP_Port_Scan,17,40078,391,40078,391,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,0,192.168.10.11,FALSE,0
11137,2000/3/14 135338,UDP_Port_Scan,17,53385,261,53385,261,1728123052,169781440,172.16.1.103,192.168.30.10,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,0,192.168.10.11,FALSE,0
11138,2000/3/14 135417,UDP_Port_Scan,17,43605,676,43605,676,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,0,192.168.10.11,FALSE,0

1.5.2 RealSecure Network Engine 2
ID,EventDate,EventName,ProtocolID,SourcePort,DestinationPort,SourcePortName,DestinationPortName,SourceAddress,DestinationAddress,SourceAddressName,DestinationAddressName,TCPFlags,ICMPType,ICMPCode,EventPriority,KillActionSpecified,SourceEthernetAddr,SourceEthernetVendor,DestinationEthernetAddr,DestinationEthernetVendor,RawDataLen,RawData,DecodePairCount,EngineIP,Pulled,EngineType
17522,2000/3/14 132524,UDP_Port_Scan,17,53173,497,53173,497,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,002018645CE6,,080020761EEA,,0,,0,192.168.20.11,FALSE,0
17523,2000/3/14 135140,UDP_Port_Scan,17,46019,778,46019,778,1728123052,51685568,172.16.1.103,192.168.20.3,,,,1,FALSE,002018645CE6,,00C02626E505,,0,,0,192.168.20.11,FALSE,0
17524,2000/3/14 135211,UDP_Port_Scan,17,40078,391,40078,391,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,002018645CE6,,080020761EEA,,0,,0,192.168.20.11,FALSE,0

1.5.3 FireWall-1
No Date Time Inter. Origin Type Action Service Source Destination Proto. Rule S_Port User SrcKeyID DstKeyID XlateSrc XlateDst XLateSPort XlateDPort Info.

1.5.4 RealSecure System Agent

1.5.5 Syslog,

1.6 finger

1.6.1 RealSecure Network Engine 1

1.6.2 RealSecure Network Engine 2

1.6.3 FireWall-1
No Date Time Inter. Origin Type Action Service Source Destination Proto. Rule S_Port User SrcKeyID DstKeyID XlateSrc XlateDst XLateSPort XlateDPort Info.
"28962" "14Mar2000" "144045" "nei0" "fw" "log" "accept" "finger" "ipa3" "dmz-mail" "tcp" "4" "1522" "" "" "" "" "" "" "" " len 60"
"28963" "14Mar2000" "144103" "nei0" "fw" "log" "accept" "finger" "ipa3" "dmz-mail" "tcp" "4" "1523" "" "" "" "" "" "" "" " len 60"
"28964" "14Mar2000" "144113" "nei0" "fw" "log" "accept" "finger" "ipa3" "dmz-www" "tcp" "5" "ingreslock" "" "" "" "" "" "" "" " len 60"
"28965" "14Mar2000" "144123" "nei0" "fw" "log" "accept" "finger" "ipa3" "dmz-www" "tcp" "5" "1525" "" "" "" "" "" "" "" " len 60"

1.6.4 RealSecure System Agent

1.6.5 Syslog,

1.7 phf

1.7.1 RealSecure Network Engine 1
ID,EventDate,EventName,ProtocolID,SourcePort,DestinationPort,SourcePortName,DestinationPortName,SourceAddress,DestinationAddress,SourceAddressName,DestinationAddressName,TCPFlags,ICMPType,ICMPCode,EventPriority,KillActionSpecified,SourceEthernetAddr,SourceEthernetVendor,DestinationEthernetAddr,DestinationEthernetVendor,RawDataLen,RawData,DecodePairCount,EngineIP,Pulled,EngineType
11546,2000/3/14 144353,HTTP_PHF,6,1526,80,1526,HTTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,1,192.168.10.11,FALSE,0
11547,2000/3/14 144353,HTTP_Unix_Passwords,6,1526,80,1526,HTTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,1,192.168.10.11,FALSE,0
11548,2000/3/14 144438,HTTP_PHF,6,1527,80,1527,HTTP,1728123052,51685568,172.16.1.103,192.168.20.3,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,1,192.168.10.11,FALSE,0
11549,2000/3/14 144438,HTTP_Unix_Passwords,6,1527,80,1527,HTTP,1728123052,51685568,172.16.1.103,192.168.20.3,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,1,192.168.10.11,FALSE,0

1.7.2 RealSecure Network Engine 2
ID,EventDate,EventName,ProtocolID,SourcePort,DestinationPort,SourcePortName,DestinationPortName,SourceAddress,DestinationAddress,SourceAddressName,DestinationAddressName,TCPFlags,ICMPType,ICMPCode,EventPriority,KillActionSpecified,SourceEthernetAddr,SourceEthernetVendor,DestinationEthernetAddr,DestinationEthernetVendor,RawDataLen,RawData,DecodePairCount,EngineIP,Pulled,EngineType
17541,2000/3/14 144353,HTTP_PHF,6,1526,80,1526,HTTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,002018645CE6,,080020761EEA,,0,,1,192.168.20.11,FALSE,0
17542,2000/3/14 144353,HTTP_Unix_Passwords,6,1526,80,1526,HTTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,002018645CE6,,080020761EEA,,0,,1,192.168.20.11,FALSE,0
17543,2000/3/14 144438,HTTP_PHF,6,1527,80,1527,HTTP,1728123052,51685568,172.16.1.103,192.168.20.3,,,,1,FALSE,002018645CE6,,00C02626E505,,0,,1,192.168.20.11,FALSE,0
17544,2000/3/14 144438,HTTP_Unix_Passwords,6,1527,80,1527,HTTP,1728123052,51685568,172.16.1.103,192.168.20.3,,,,1,FALSE,002018645CE6,,00C02626E505,,0,,1,192.168.20.11,FALSE,0

1.7.3 FireWall-1
No Date Time Inter. Origin Type Action Service Source Destination Proto. Rule S_Port User SrcKeyID DstKeyID XlateSrc XlateDst XLateSPort XlateDPort Info.
"28974" "14Mar2000" "144330" "nei0" "fw" "log" "accept" "http" "ipa3" "dmz-mail" "tcp" "4" "1526" "" "" "" "" "" "" "" " len 60"
"28975" "14Mar2000" "144415" "nei0" "fw" "log" "accept" "http" "ipa3" "dmz-www" "tcp" "5" "1527" "" "" "" "" "" "" "" " len 60"

1.7.4 RealSecure System Agent

1.7.5 Syslog,

1.7.6 Apache
172.16.1.103 --[14/Mar/2000144353 +0900] "GET /cgi-bin/phf?q=%0acat%20/etc/passwd" 200 571

1.7.7 IIS
172.16.1.103, -, 00/03/14, 144440, W3SVC1, WWW, 192.168.20.3, 20, 41, 611, 404, 2, GET, /cgi-bin/phf, Q=%0Acat%20/etc/passwd,

1.8 nph-test-cgi

1.8.1 RealSecure Network Engine 1
ID,EventDate,EventName,ProtocolID,SourcePort,DestinationPort,SourcePortName,DestinationPortName,SourceAddress,DestinationAddress,SourceAddressName,DestinationAddressName,TCPFlags,ICMPType,ICMPCode,EventPriority,KillActionSpecified,SourceEthernetAddr,SourceEthernetVendor,DestinationEthernetAddr,DestinationEthernetVendor,RawDataLen,RawData,DecodePairCount,EngineIP,Pulled,EngineType
11550,2000/3/14 144530,HTTP_NphTestCgi,6,1528,80,1528,HTTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,1,192.168.10.11,FALSE,0

1.8.2 RealSecure Network Engine 2
ID,EventDate,EventName,ProtocolID,SourcePort,DestinationPort,SourcePortName,DestinationPortName,SourceAddress,DestinationAddress,SourceAddressName,DestinationAddressName,TCPFlags,ICMPType,ICMPCode,EventPriority,KillActionSpecified,SourceEthernetAddr,SourceEthernetVendor,DestinationEthernetAddr,DestinationEthernetVendor,RawDataLen,RawData,DecodePairCount,EngineIP,Pulled,EngineType
17545,2000/3/14 144531,HTTP_NphTestCgi,6,1528,80,1528,HTTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,002018645CE6,,080020761EEA,,0,,1,192.168.20.11,FALSE,0

1.8.3 FireWall-1
No Date Time Inter. Origin Type Action Service Source Destination Proto. Rule S_Port User SrcKeyID DstKeyID XlateSrc XlateDst XLateSPort XlateDPort Info.
"28979" "14Mar2000" "144525" "nei0" "fw" "log" "accept" "http" "ipa3" "dmz-mail" "tcp" "4" "1528" "" "" "" "" "" "" "" " len 60"

1.8.4 RealSecure System Agent

1.8.5 Syslog,

1.8.6 Apache
172.16.18.71 --[09/Mar/2000170613 +0900] "GET /cgi-bin/nph-test-cgi?/* HTTP/1.1" 200 -

1.9 php

1.9.1 RealSecure Network Engine 1
11551,2000/3/14 144655,HTTP_PHP_Read,6,1529,80,1529,HTTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,1,192.168.10.11,FALSE,0
11552,2000/3/14 144655,HTTP_Unix_Passwords,6,1529,80,1529,HTTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,1,192.168.10.11,FALSE,0

1.9.2 RealSecure Network Engine 2
17546,2000/3/14 144655,HTTP_PHP_Read,6,1529,80,1529,HTTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,002018645CE6,,080020761EEA,,0,,1,192.168.20.11,FALSE,0
17547,2000/3/14 144655,HTTP_Unix_Passwords,6,1529,80,1529,HTTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,002018645CE6,,080020761EEA,,0,,1,192.168.20.11,FALSE,0

1.9.3 FireWall-1
No Date Time Inter. Origin Type Action Service Source Destination Proto. Rule S_Port User SrcKeyID DstKeyID XlateSrc XlateDst XLateSPort XlateDPort Info.
"28980" "14Mar2000" "144542" "nei0" "fw" "log" "accept" "http" "ipa3" "dmz-mail" "tcp" "4" "1529" "" "" "" "" "" "" "" " len 60"

1.9.4 RealSecure System Agent

1.9.5 Syslog,

1.9.6 Apache
172.16.18.71 --[09/Mar/2000170445 +0900] "GET /cgi-bin/php.cgi?/etc/passwd HTTP/1.1" 200 502

1.10 ftp

1.10.1 RealSecure Network Engine 1
ID,EventDate,EventName,ProtocolID,SourcePort,DestinationPort,SourcePortName,DestinationPortName,SourceAddress,DestinationAddress,SourceAddressName,DestinationAddressName,TCPFlags,ICMPType,ICMPCode,EventPriority,KillActionSpecified,SourceEthernetAddr,SourceEthernetVendor,DestinationEthernetAddr,DestinationEthernetVendor,RawDataLen,RawData,DecodePairCount,EngineIP,Pulled,EngineType

1.10.2 RealSecure Network Engine 2
ID,EventDate,EventName,ProtocolID,SourcePort,DestinationPort,SourcePortName,DestinationPortName,SourceAddress,DestinationAddress,SourceAddressName,DestinationAddressName,TCPFlags,ICMPType,ICMPCode,EventPriority,KillActionSpecified,SourceEthernetAddr,SourceEthernetVendor,DestinationEthernetAddr,DestinationEthernetVendor,RawDataLen,RawData,DecodePairCount,EngineIP,Pulled,EngineType