1 1 1.1 TCP 1 1.2 TCP 3 1.3 TCP fin 5 1.4 TCP NULL 7 1.5 UDP ICMP Unreachable 10 1.6 finger 12 1.7 phf 13 1.8 nph-test-cgi 14 1.9 php 16 1.10 ftp 18 1.11 http 23 1.12 smtp VRFY,EXPN 26 1.13 smtp 27 1.14 OOB 31 1.15 SYN FLOOD 32 1.16 Land 35 1.17 Teardrop 36 1.18 Smurf 37 1.19 UDP Flood F 38 1.20 Malformed HTTP Request Header 40 1.21 Connection Flood 41 1.22 rpc.sadmind 43 1.23 rpc.sadmind 44 1.24 Malformed HTR Request 45 1.25 Malformed HTR Request 46
2 50 2.1 TCP 50 2.2 TCP 55 2.3 TCP fin 57 2.4 TCP NULL 60 2.5 UDP ICMP Unreachable 62 2.6 finger 65 2.7 ftp 67 2.8 http 76 2.9 smtp VRFY,EXPN 79 2.10 smtp 81 2.11 Smurf 87 2.12 UDP Flood 89 2.13 Malformed HTTP Request Header 90 2.14 rpc.sadmind 91 2.15 rpc.sadmind 93 2.16 Malformed HTR Request 95 2.17 Malformed HTR Request 96 3 RealSecure Network Engine 100 4 RealSecure System Agent 105
1 1.1 TCP 1.1.1 RealSecure Network Engine 1 ID,EventDate,EventName,ProtocolID,SourcePort,DestinationPort,SourcePortName,DestinationPortName,SourceAddress,DestinationAddress,SourceAddress Name,DestinationAddressName,TCPFlags,ICMPType,ICMPCode,EventPriority,KillActionSpecified,SourceEthernetAddr,SourceEthernetVendor,Destination EthernetAddr,DestinationEthernetVendor,RawDataLen,RawData,DecodePairCount,EngineIP,Pulled,EngineType 1795,2000/3/14 130700,Port_Scan,6,1780,204,1780,204,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,00C0F6B30F12,,002018645CE8,, 0,,0,192.168.10.11,FALSE,0 1796,2000/3/14 130720,Port_Scan,6,3291,8,3291,8,1728123052,51685568,172.16.1.103,192.168.20.3,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,0,1 92.168.10.11,FALSE,0 1797,2000/3/14 130737,Port_Scan,6,4902,554,4902,554,1728123052,168470720,172.16.1.103,192.168.10.10,,,,1,FALSE,00C0F6B30F12,,002018645CE 8,,0,,0,192.168.10.11,FALSE,0 1798,2000/3/14 130811,Port_Scan,6,4396,435,4396,435,1728123052,169781440,172.16.1.103,192.168.30.10,,,,1,FALSE,00C0F6B30F12,,002018645CE 8,,0,,0,192.168.10.11,FALSE,0 1799,2000/3/14 130832,SYNFlood,6,0,699,Any,699,0,34908352,0.0.0.0,192.168.20.2,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,1,192.168.10.11,FA LSE,0 1800,2000/3/14 130852,SYNFlood,6,0,480,Any,480,0,34908352,0.0.0.0,192.168.20.2,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,1,192.168.10.11,FA LSE,0 1801,2000/3/14 130856,SYNFlood,6,0,424,Any,424,0,34908352,0.0.0.0,192.168.20.2,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,1,192.168.10.11,FA LSE,0 1802,2000/3/14 130901,SYNFlood,6,0,453,Any,453,0,34908352,0.0.0.0,192.168.20.2,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,1,192.168.10.11,FA LSE,0 1803,2000/3/14 130901,SYNFlood,6,0,648,Any,648,0,34908352,0.0.0.0,192.168.20.2,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,1,192.168.10.11,FA LSE,0 1804,2000/3/14 130904,SYNFlood,6,0,1112,Any,1112,0,169781440,0.0.0.0,192.168.30.10,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,1,192.168.10.1 1,FALSE,0 (snip 135 records) 
1939,2000/3/14 130950,SYNFlood,6,0,507,Any,507,0,34908352,0.0.0.0,192.168.20.2,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,1,192.168.10.11,FA LSE,0 1940,2000/3/14 130950,SYNFlood,6,0,421,Any,421,0,34908352,0.0.0.0,192.168.20.2,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,1,192.168.10.11,FA LSE,0 1941,2000/3/14 130950,SYNFlood,6,0,1418,Any,1418,0,169781440,0.0.0.0,192.168.30.10,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,1,192.168.10.1 1,FALSE,0 1942,2000/3/14 130951,SYNFlood,6,0,440,Any,440,0,34908352,0.0.0.0,192.168.20.2,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,1,192.168.10.11,FA LSE,0 1943,2000/3/14 130951,SYNFlood,6,0,274,Any,274,0,169781440,0.0.0.0,192.168.30.10,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,1,192.168.10.11, FALSE,0 1944,2000/3/14 130951,SYNFlood,6,0,174,Any,174,0,34908352,0.0.0.0,192.168.20.2,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,1,192.168.10.11,FA LSE,0 1945,2000/3/14 130952,SYNFlood,6,0,307,Any,307,0,169781440,0.0.0.0,192.168.30.10,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,1,192.168.10.11, FALSE,0 1946,2000/3/14 130952,SYNFlood,6,0,495,Any,495,0,34908352,0.0.0.0,192.168.20.2,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,1,192.168.10.11,FA LSE,0 1947,2000/3/14 130952,SYNFlood,6,0,1068,Any,1068,0,169781440,0.0.0.0,192.168.30.10,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,1,192.168.10.1 1,FALSE,0 1948,2000/3/14 130952,SYNFlood,6,0,865,Any,865,0,169781440,0.0.0.0,192.168.30.10,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,1,192.168.10.11, FALSE,0 1949,2000/3/14 130952,SYNFlood,6,0,806,Any,806,0,168470720,0.0.0.0,192.168.10.10,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,1,192.168.10.11, FALSE,0-1 -
1.1.2 RealSecure Network Engine 2 ID,EventDate,EventName,ProtocolID,SourcePort,DestinationPort,SourcePortName,DestinationPortName,SourceAddress,DestinationAddress,SourceAddress Name,DestinationAddressName,TCPFlags,ICMPType,ICMPCode,EventPriority,KillActionSpecified,SourceEthernetAddr,SourceEthernetVendor,Destination EthernetAddr,DestinationEthernetVendor,RawDataLen,RawData,DecodePairCount,EngineIP,Pulled,EngineType 14410,2000/3/14 130700,Port_Scan,6,1780,204,1780,204,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,002018645CE6,,080020761EEA,,0,,0,192.168.20.11,FALSE,0 14411,2000/3/14 130720,Port_Scan,6,3291,8,3291,8,1728123052,51685568,172.16.1.103,192.168.20.3,,,,1,FALSE,002018645CE6,,00C02626E505,,0,,0, 192.168.20.11,FALSE,0 1.1.3 FireWall-1 No Date Time Inter. Origin Type Action Service Source Destination Proto. Rule S_Port User SrcKeyID DstKeyID XlateSrc XlateDst XLateSPort XlateDPort Info. 4Mar2000" "130656" "nei0" "fw" "log" "accept" "" "ipa3" "dmz-mail" "icmp" "4" "" "" "" "" "" "" "" "" " icmp-type 8 icmp-code 0" "40" "14Mar2000" "130656" "nei0" "fw" "log" "accept" "http" "ipa3" "dmz-mail" "tcp" "4" "60991" "" "" "" "" "" "" "" " len 40" "41" "14Mar2000" "130656" "nei1" "fw" "log" "accept" "" "dmz-mail" "ipa3" "icmp" "8" "" "" "" "" "" "" "" "" " icmp-type 0 icmp-code 0" "42" "14Mar2000" "130700" "nei0" "fw" "log" "accept" "118" "ipa3" "dmz-mail" "tcp" "4" "1744" "" "" "" "" "" "" "" " len 60" "43" "14Mar2000" "130700" "nei0" "fw" "log" "accept" "1426" "ipa3" "dmz-mail" "tcp" "4" "1745" "" "" "" "" "" "" "" " len 60" "44" "14Mar2000" "130700" "nei0" "fw" "log" "accept" "2011" "ipa3" "dmz-mail" "tcp" "4" "1746" "" "" "" "" "" "" "" " len 60" "45" "14Mar2000" "130700" "nei0" "fw" "log" "accept" "45" "ipa3" "dmz-mail" "tcp" "4" "1747" "" "" "" "" "" "" "" " len 60" "46" "14Mar2000" "130700" "nei0" "fw" "log" "accept" "853" "ipa3" "dmz-mail" "tcp" "4" "1748" "" "" "" "" "" "" "" " len 60" "47" "14Mar2000" "130700" "nei0" "fw" "log" "accept" "371" 
"ipa3" "dmz-mail" "tcp" "4" "1749" "" "" "" "" "" "" "" " len 60" "48" "14Mar2000" "130700" "nei0" "fw" "log" "accept" "2025" "ipa3" "dmz-mail" "tcp" "4" "1750" "" "" "" "" "" "" "" " len 60" (snip 3035 records) "3074" "14Mar2000" "130723" "nei0" "fw" "log" "accept" "1430" "ipa3" "dmz-www" "tcp" "5" "4789" "" "" "" "" "" "" "" " len 60" "3075" "14Mar2000" "130723" "nei0" "fw" "log" "accept" "433" "ipa3" "dmz-www" "tcp" "5" "4790" "" "" "" "" "" "" "" " len 60" "3076" "14Mar2000" "130723" "nei0" "fw" "log" "accept" "2112" "ipa3" "dmz-www" "tcp" "5" "4791" "" "" "" "" "" "" "" " len 60" "3077" "14Mar2000" "130723" "nei0" "fw" "log" "accept" "652" "ipa3" "dmz-www" "tcp" "5" "4792" "" "" "" "" "" "" "" " len 60" "3078" "14Mar2000" "130723" "nei0" "fw" "log" "accept" "445" "ipa3" "dmz-www" "tcp" "5" "4793" "" "" "" "" "" "" "" " len 60" "3079" "14Mar2000" "130723" "nei0" "fw" "log" "accept" "577" "ipa3" "dmz-www" "tcp" "5" "4794" "" "" "" "" "" "" "" " len 60" "3080" "14Mar2000" "130723" "nei0" "fw" "log" "accept" "799" "ipa3" "dmz-www" "tcp" "5" "4795" "" "" "" "" "" "" "" " len 60" "3081" "14Mar2000" "130723" "nei0" "fw" "log" "accept" "574" "ipa3" "dmz-www" "tcp" "5" "4796" "" "" "" "" "" "" "" " len 60" "3082" "14Mar2000" "130723" "nei0" "fw" "log" "accept" "649" "ipa3" "dmz-www" "tcp" "5" "4797" "" "" "" "" "" "" "" " len 60" "3083" "14Mar2000" "130723" "nei0" "fw" "log" "accept" "705" "ipa3" "dmz-www" "tcp" "5" "4798" "" "" "" "" "" "" "" " len 60" 1.1.4 RealSecure System Agent 1.1.5 Syslog Mar 14 130702 mail sendmail[348] SMTP connect from IDENTroot@ipa3 [172.16.1.103] (172.16.1.103) Mar 14 130702 mail sendmail[348] NOQUEUE --> 220 mail.dmz.local ESMTP Sendmail 8.9.3/3.7W; Tue, 14 Mar 2000 130702 +0900 (JST) Mar 14 130702 mail sendmail[348] NOQUEUE --> 421 mail.dmz.local Lost input channel from IDENTroot@ipa3 [172.16.1.103] Mar 14 130702 mail sendmail[348] NOQUEUE Null connection from IDENTroot@ipa3 [172.16.1.103] - 2 -
1.2 TCP 1.2.1 RealSecure Network Engine 1 ID,EventDate,EventName,ProtocolID,SourcePort,DestinationPort,SourcePortName,DestinationPortName,SourceAddress,DestinationAddress,SourceAddress Name,DestinationAddressName,TCPFlags,ICMPType,ICMPCode,EventPriority,KillActionSpecified,SourceEthernetAddr,SourceEthernetVendor,Destination EthernetAddr,DestinationEthernetVendor,RawDataLen,RawData,DecodePairCount,EngineIP,Pulled,EngineType 1950,2000/3/14 131140,Port_Scan,6,36503,661,36503,661,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,00C0F6B30F12,,002018645CE 8,,0,,0,192.168.10.11,FALSE,0 1951,2000/3/14 131140,SYNFlood,6,0,1008,Any,1008,0,34908352,0.0.0.0,192.168.20.2,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,1,192.168.10.11, FALSE,0 1952,2000/3/14 131142,SYNFlood,6,0,1365,Any,1365,0,169781440,0.0.0.0,192.168.30.10,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,1,192.168.10.1 1,FALSE,0 1953,2000/3/14 131151,Port_Scan,6,34680,945,34680,945,1728123052,51685568,172.16.1.103,192.168.20.3,,,,1,FALSE,00C0F6B30F12,,002018645CE 8,,0,,0,192.168.10.11,FALSE,0 1954,2000/3/14 131203,SYNFlood,6,0,2600,Any,2600,0,169781440,0.0.0.0,192.168.30.10,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,1,192.168.10.1 1,FALSE,0 1955,2000/3/14 131205,SYNFlood,6,0,528,Any,528,0,168470720,0.0.0.0,192.168.10.10,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,1,192.168.10.11, FALSE,0 1956,2000/3/14 131207,SYNFlood,6,0,95,Any,Sudup,0,169781440,0.0.0.0,192.168.30.10,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,1,192.168.10.11,FALSE,0 1957,2000/3/14 131207,SYNFlood,6,0,5011,Any,5011,0,168470720,0.0.0.0,192.168.10.10,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,1,192.168.10.1 1,FALSE,0 1958,2000/3/14 131208,SYNFlood,6,0,884,Any,884,0,169781440,0.0.0.0,192.168.30.10,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,1,192.168.10.11, FALSE,0 1959,2000/3/14 131208,SYNFlood,6,0,7002,Any,7002,0,169781440,0.0.0.0,192.168.30.10,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,1,192.168.10.1 1,FALSE,0 (snip 129 records) 2089,2000/3/14 
131304,SYNFlood,6,0,990,Any,990,0,34908352,0.0.0.0,192.168.20.2,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,1,192.168.10.11,FA LSE,0 2090,2000/3/14 131305,SYNFlood,6,0,574,Any,574,0,169781440,0.0.0.0,192.168.30.10,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,1,192.168.10.11, FALSE,0 2091,2000/3/14 131305,SYNFlood,6,0,692,Any,692,0,34908352,0.0.0.0,192.168.20.2,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,1,192.168.10.11,FA LSE,0 2092,2000/3/14 131305,SYNFlood,6,0,333,Any,333,0,169781440,0.0.0.0,192.168.30.10,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,1,192.168.10.11, FALSE,0 2093,2000/3/14 131305,SYNFlood,6,0,5191,Any,5191,0,168470720,0.0.0.0,192.168.10.10,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,1,192.168.10.1 1,FALSE,0 2094,2000/3/14 131306,SYNFlood,6,0,697,Any,697,0,34908352,0.0.0.0,192.168.20.2,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,1,192.168.10.11,FA LSE,0 2095,2000/3/14 131307,SYNFlood,6,0,292,Any,292,0,169781440,0.0.0.0,192.168.30.10,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,1,192.168.10.11, FALSE,0 2096,2000/3/14 131307,SYNFlood,6,0,995,Any,995,0,34908352,0.0.0.0,192.168.20.2,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,1,192.168.10.11,FA LSE,0 2097,2000/3/14 131308,SYNFlood,6,0,1013,Any,1013,0,34908352,0.0.0.0,192.168.20.2,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,1,192.168.10.11, - 3 -
1.2.2 RealSecure Network Engine 2 ID,EventDate,EventName,ProtocolID,SourcePort,DestinationPort,SourcePortName,DestinationPortName,SourceAddress,DestinationAddress,SourceAddress Name,DestinationAddressName,TCPFlags,ICMPType,ICMPCode,EventPriority,KillActionSpecified,SourceEthernetAddr,SourceEthernetVendor,Destination EthernetAddr,DestinationEthernetVendor,RawDataLen,RawData,DecodePairCount,EngineIP,Pulled,EngineType 14412,2000/3/14 131151,Port_Scan,6,34680,945,34680,945,1728123052,51685568,172.16.1.103,192.168.20.3,,,,1,FALSE,002018645CE6,,00C02626E50 5,,0,,0,192.168.20.11,FALSE,0 1.2.3 FireWall-1 No Date Time Inter. Origin Type Action Service Source Destination Proto. Rule S_Port User SrcKeyID DstKeyID XlateSrc XlateDst XLateSPort XlateDPort Info. "3089" "14Mar2000" "131139" "nei0" "fw" "log" "accept" "" "ipa3" "dmz-mail" "icmp" "4" "" "" "" "" "" "" "" "" " icmp-type 8 icmp-cod e 0" "3090" "14Mar2000" "131139" "nei0" "fw" "log" "accept" "http" "ipa3" "dmz-mail" "tcp" "4" "36523" "" "" "" "" "" "" "" " len 40" "3091" "14Mar2000" "131139" "nei1" "fw" "log" "accept" "" "dmz-mail" "ipa3" "icmp" "8" "" "" "" "" "" "" "" "" " icmp-type 0 icmp-cod e 0" "3092" "14Mar2000" "131139" "nei0" "fw" "log" "accept" "331" "ipa3" "dmz-mail" "tcp" "4" "36503" "" "" "" "" "" "" "" " len 40" "3093" "14Mar2000" "131139" "nei0" "fw" "log" "accept" "310" "ipa3" "dmz-mail" "tcp" "4" "36503" "" "" "" "" "" "" "" " len 40" "3094" "14Mar2000" "131139" "nei0" "fw" "log" "accept" "352" "ipa3" "dmz-mail" "tcp" "4" "36503" "" "" "" "" "" "" "" " len 40" "3095" "14Mar2000" "131139" "nei0" "fw" "log" "accept" "477" "ipa3" "dmz-mail" "tcp" "4" "36503" "" "" "" "" "" "" "" " len 40" "3096" "14Mar2000" "131139" "nei0" "fw" "log" "accept" "533" "ipa3" "dmz-mail" "tcp" "4" "36503" "" "" "" "" "" "" "" " len 40" "3097" "14Mar2000" "131139" "nei0" "fw" "log" "accept" "189" "ipa3" "dmz-mail" "tcp" "4" "36503" "" "" "" "" "" "" "" " len 40" "3098" "14Mar2000" "131139" "nei0" "fw" "log" "accept" "354" 
"ipa3" "dmz-mail" "tcp" "4" "36503" "" "" "" "" "" "" "" " len 40" (snip 2990 records) "3074" "14Mar2000" "130723" "nei0" "fw" "log" "accept" "1430" "ipa3" "dmz-www" "tcp" "5" "4789" "" "" "" "" "" "" "" " len 60" "3075" "14Mar2000" "130723" "nei0" "fw" "log" "accept" "433" "ipa3" "dmz-www" "tcp" "5" "4790" "" "" "" "" "" "" "" " len 60" "3076" "14Mar2000" "130723" "nei0" "fw" "log" "accept" "2112" "ipa3" "dmz-www" "tcp" "5" "4791" "" "" "" "" "" "" "" " len 60" "3077" "14Mar2000" "130723" "nei0" "fw" "log" "accept" "652" "ipa3" "dmz-www" "tcp" "5" "4792" "" "" "" "" "" "" "" " len 60" "3078" "14Mar2000" "130723" "nei0" "fw" "log" "accept" "445" "ipa3" "dmz-www" "tcp" "5" "4793" "" "" "" "" "" "" "" " len 60" "3079" "14Mar2000" "130723" "nei0" "fw" "log" "accept" "577" "ipa3" "dmz-www" "tcp" "5" "4794" "" "" "" "" "" "" "" " len 60" "3080" "14Mar2000" "130723" "nei0" "fw" "log" "accept" "799" "ipa3" "dmz-www" "tcp" "5" "4795" "" "" "" "" "" "" "" " len 60" "3081" "14Mar2000" "130723" "nei0" "fw" "log" "accept" "574" "ipa3" "dmz-www" "tcp" "5" "4796" "" "" "" "" "" "" "" " len 60" "3082" "14Mar2000" "130723" "nei0" "fw" "log" "accept" "649" "ipa3" "dmz-www" "tcp" "5" "4797" "" "" "" "" "" "" "" " len 60" "3083" "14Mar2000" "130723" "nei0" "fw" "log" "accept" "705" "ipa3" "dmz-www" "tcp" "5" "4798" "" "" "" "" "" "" "" " len 60" 1.2.4 RealSecure System Agent 1.2.5 Syslog, - 4 -
1.3 TCP fin
1.3.1 RealSecure Network Engine 1
ID,EventDate,EventName,ProtocolID,SourcePort,DestinationPort,SourcePortName,DestinationPortName,SourceAddress,DestinationAddress,SourceAddressName,DestinationAddressName,TCPFlags,ICMPType,ICMPCode,EventPriority,KillActionSpecified,SourceEthernetAddr,SourceEthernetVendor,DestinationEthernetAddr,DestinationEthernetVendor,RawDataLen,RawData,DecodePairCount,EngineIP,Pulled,EngineType
2099,2000/3/14 131515,Port_Scan,6,43662,131,43662,131,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,0,192.168.10.11,FALSE,0
2100,2000/3/14 131532,Port_Scan,6,57854,289,57854,289,1728123052,51685568,172.16.1.103,192.168.20.3,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,0,192.168.10.11,FALSE,0
2101,2000/3/14 131548,Port_Scan,6,43840,208,43840,208,1728123052,169126080,172.16.1.103,192.168.20.10,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,0,192.168.10.11,FALSE,0
- 5 -
1.3.2 RealSecure Network Engine 2 ID,EventDate,EventName,ProtocolID,SourcePort,DestinationPort,SourcePortName,DestinationPortName,SourceAddress,DestinationAddress,SourceAddress Name,DestinationAddressName,TCPFlags,ICMPType,ICMPCode,EventPriority,KillActionSpecified,SourceEthernetAddr,SourceEthernetVendor,Destination EthernetAddr,DestinationEthernetVendor,RawDataLen,RawData,DecodePairCount,EngineIP,Pulled,EngineType 14413,2000/3/14 131515,Port_Scan,6,43662,131,43662,131,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,002018645CE6,,080020761EE A,,0,,0,192.168.20.11,FALSE,0 14414,2000/3/14 131532,Port_Scan,6,57854,289,57854,289,1728123052,51685568,172.16.1.103,192.168.20.3,,,,1,FALSE,002018645CE6,,00C02626E50 5,,0,,0,192.168.20.11,FALSE,0 1.3.3 FireWall-1 No Date Time Inter. Origin Type Action Service Source Destination Proto. Rule S_Port User SrcKeyID DstKeyID XlateSrc XlateDst XLateSPort XlateDPort Info. "6100" "14Mar2000" "131515" "nei0" "fw" "log" "accept" "" "ipa3" "dmz-mail" "icmp" "4" "" "" "" "" "" "" "" "" " icmp-type 8 icmp-cod e 0" "6101" "14Mar2000" "131515" "nei0" "fw" "log" "accept" "http" "ipa3" "dmz-mail" "tcp" "4" "43682" "" "" "" "" "" "" "" " len 40" "6102" "14Mar2000" "131515" "nei1" "fw" "log" "accept" "" "dmz-mail" "ipa3" "icmp" "8" "" "" "" "" "" "" "" "" " icmp-type 0 icmp-cod e 0" "6103" "14Mar2000" "131515" "nei0" "fw" "log" "accept" "251" "ipa3" "dmz-mail" "tcp" "4" "43662" "" "" "" "" "" "" "" " len 40" "6104" "14Mar2000" "131515" "nei0" "fw" "log" "accept" "867" "ipa3" "dmz-mail" "tcp" "4" "43662" "" "" "" "" "" "" "" " len 40" "6105" "14Mar2000" "131515" "nei0" "fw" "log" "accept" "975" "ipa3" "dmz-mail" "tcp" "4" "43662" "" "" "" "" "" "" "" " len 40" "6106" "14Mar2000" "131515" "nei0" "fw" "log" "accept" "CreativePartnerClnt" "ipa3" "dmz-mail" "tcp" "4" "43662" "" "" "" "" "" "" "" " len 40" "6107" "14Mar2000" "131515" "nei0" "fw" "log" "accept" "2784" "ipa3" "dmz-mail" "tcp" "4" "43662" "" "" "" "" "" "" "" " len 40" "6108" 
"14Mar2000" "131515" "nei0" "fw" "log" "accept" "usenet" "ipa3" "dmz-mail" "tcp" "4" "43662" "" "" "" "" "" "" "" " len 40" "6109" "14Mar2000" "131515" "nei0" "fw" "log" "accept" "x400-snd" "ipa3" "dmz-mail" "tcp" "4" "43662" "" "" "" "" "" "" "" " len 40" (snip 4485 records) "10594" "14Mar2000" "131554" "nei0" "fw" "log" "reject" "printer" "ipa3" "fw-dmz" "tcp" "9" "43840" "" "" "" "" "" "" "" " len 40" "10595" "14Mar2000" "131554" "nei0" "fw" "log" "reject" "92" "ipa3" "fw-dmz" "tcp" "9" "43840" "" "" "" "" "" "" "" " len 40" "10596" "14Mar2000" "131554" "nei0" "fw" "log" "reject" "445" "ipa3" "fw-dmz" "tcp" "9" "43840" "" "" "" "" "" "" "" " len 40" "10597" "14Mar2000" "131554" "nei0" "fw" "log" "reject" "1491" "ipa3" "fw-dmz" "tcp" "9" "43840" "" "" "" "" "" "" "" " len 40" "10598" "14Mar2000" "131554" "nei0" "fw" "log" "reject" "2010" "ipa3" "fw-dmz" "tcp" "9" "43840" "" "" "" "" "" "" "" " len 40" "10599" "14Mar2000" "131554" "nei0" "fw" "log" "reject" "22289" "ipa3" "fw-dmz" "tcp" "9" "43840" "" "" "" "" "" "" "" " len 40" "10600" "14Mar2000" "131554" "nei0" "fw" "log" "reject" "879" "ipa3" "fw-dmz" "tcp" "9" "43840" "" "" "" "" "" "" "" " len 40" "10601" "14Mar2000" "131554" "nei0" "fw" "log" "reject" "666" "ipa3" "fw-dmz" "tcp" "9" "43840" "" "" "" "" "" "" "" " len 40" "10602" "14Mar2000" "131554" "nei0" "fw" "log" "reject" "nbsession" "ipa3" "fw-dmz" "tcp" "9" "43840" "" "" "" "" "" "" "" " len 40" "10603" "14Mar2000" "131554" "nei0" "fw" "log" "reject" "284" "ipa3" "fw-dmz" "tcp" "9" "43840" "" "" "" "" "" "" "" " len 40" "10604" "14Mar2000" "131554" "nei0" "fw" "log" "reject" "179" "ipa3" "fw-dmz" "tcp" "9" "43840" "" "" "" "" "" "" "" " len 40" 1.3.4 RealSecure System Agent 1.3.5 Syslog, - 6 -
1.4 TCP NULL 1.4.1 RealSecure Network Engine 1 ID,EventDate,EventName,ProtocolID,SourcePort,DestinationPort,SourcePortName,DestinationPortName,SourceAddress,DestinationAddress,SourceAddress Name,DestinationAddressName,TCPFlags,ICMPType,ICMPCode,EventPriority,KillActionSpecified,SourceEthernetAddr,SourceEthernetVendor,Destination EthernetAddr,DestinationEthernetVendor,RawDataLen,RawData,DecodePairCount,EngineIP,Pulled,EngineType 2102,2000/3/14 132018,IPHalfScan,6,45876,556,45876,Remotefs,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,00C0F6B30F12,,0020186 45CE8,,0,,0,192.168.10.11,FALSE,0 2103,2000/3/14 132018,IPHalfScan,6,45876,182,45876,182,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,00C0F6B30F12,,002018645C E8,,0,,0,192.168.10.11,FALSE,0 2104,2000/3/14 132018,IPHalfScan,6,45876,154,45876,154,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,00C0F6B30F12,,002018645C E8,,0,,0,192.168.10.11,FALSE,0 2105,2000/3/14 132018,IPHalfScan,6,45876,2232,45876,2232,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,00C0F6B30F12,,002018645 CE8,,0,,0,192.168.10.11,FALSE,0 2106,2000/3/14 132018,IPHalfScan,6,45876,67,45876,67,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,0,192.168.10.11,FALSE,0 2107,2000/3/14 132018,IPHalfScan,6,45876,650,45876,650,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,00C0F6B30F12,,002018645C E8,,0,,0,192.168.10.11,FALSE,0 2108,2000/3/14 132018,IPHalfScan,6,45876,775,45876,775,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,00C0F6B30F12,,002018645C E8,,0,,0,192.168.10.11,FALSE,0 2109,2000/3/14 132018,IPHalfScan,6,45876,5000,45876,5000,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,00C0F6B30F12,,002018645 CE8,,0,,0,192.168.10.11,FALSE,0 2110,2000/3/14 132018,IPHalfScan,6,45876,390,45876,390,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,00C0F6B30F12,,002018645C E8,,0,,0,192.168.10.11,FALSE,0 2111,2000/3/14 
132018,IPHalfScan,6,45876,855,45876,855,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,00C0F6B30F12,,002018645C E8,,0,,0,192.168.10.11,FALSE,0 (snip 9011 records) 11121,2000/3/14 132131,IPHalfScan,6,40214,784,40214,784,1728123052,169781440,172.16.1.103,192.168.30.10,,,,1,FALSE,00C0F6B30F12,,00201864 5CE8,,0,,0,192.168.10.11,FALSE,0 11122,2000/3/14 132131,IPHalfScan,6,40214,776,40214,776,1728123052,169781440,172.16.1.103,192.168.30.10,,,,1,FALSE,00C0F6B30F12,,00201864 5CE8,,0,,0,192.168.10.11,FALSE,0 11123,2000/3/14 132131,IPHalfScan,6,40214,6143,40214,6143,1728123052,169781440,172.16.1.103,192.168.30.10,,,,1,FALSE,00C0F6B30F12,,0020186 45CE8,,0,,0,192.168.10.11,FALSE,0 11124,2000/3/14 132131,IPHalfScan,6,40214,573,40214,573,1728123052,169781440,172.16.1.103,192.168.30.10,,,,1,FALSE,00C0F6B30F12,,00201864 5CE8,,0,,0,192.168.10.11,FALSE,0 11125,2000/3/14 132131,IPHalfScan,6,40214,2106,40214,2106,1728123052,169781440,172.16.1.103,192.168.30.10,,,,1,FALSE,00C0F6B30F12,,0020186 45CE8,,0,,0,192.168.10.11,FALSE,0 11126,2000/3/14 132131,IPHalfScan,6,40215,415,40215,415,1728123052,169781440,172.16.1.103,192.168.30.10,,,,1,FALSE,00C0F6B30F12,,00201864 5CE8,,0,,0,192.168.10.11,FALSE,0 11127,2000/3/14 132133,IPHalfScan,6,40215,288,40215,288,1728123052,169781440,172.16.1.103,192.168.30.10,,,,1,FALSE,00C0F6B30F12,,00201864 5CE8,,0,,0,192.168.10.11,FALSE,0 11128,2000/3/14 132133,IPHalfScan,6,40215,784,40215,784,1728123052,169781440,172.16.1.103,192.168.30.10,,,,1,FALSE,00C0F6B30F12,,00201864 5CE8,,0,,0,192.168.10.11,FALSE,0 11129,2000/3/14 132133,IPHalfScan,6,40215,776,40215,776,1728123052,169781440,172.16.1.103,192.168.30.10,,,,1,FALSE,00C0F6B30F12,,00201864 5CE8,,0,,0,192.168.10.11,FALSE,0 11130,2000/3/14 132133,IPHalfScan,6,40215,6143,40215,6143,1728123052,169781440,172.16.1.103,192.168.30.10,,,,1,FALSE,00C0F6B30F12,,0020186 45CE8,,0,,0,192.168.10.11,FALSE,0 11131,2000/3/14 
132133,IPHalfScan,6,40215,573,40215,573,1728123052,169781440,172.16.1.103,192.168.30.10,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,0,192.168.10.11,FALSE,0
11132,2000/3/14 132133,IPHalfScan,6,40215,2106,40215,2106,1728123052,169781440,172.16.1.103,192.168.30.10,,,,1,FALSE,00C0F6B30F12,,002018645CE8,,0,,0,192.168.10.11,FALSE,0
- 7 -
1.4.2 RealSecure Network Engine 2 ID,EventDate,EventName,ProtocolID,SourcePort,DestinationPort,SourcePortName,DestinationPortName,SourceAddress,DestinationAddress,SourceAddress Name,DestinationAddressName,TCPFlags,ICMPType,ICMPCode,EventPriority,KillActionSpecified,SourceEthernetAddr,SourceEthernetVendor,Destination EthernetAddr,DestinationEthernetVendor,RawDataLen,RawData,DecodePairCount,EngineIP,Pulled,EngineType 14415,2000/3/14 132018,IPHalfScan,6,45876,556,45876,Remotefs,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,002018645CE6,,080020 761EEA,,0,,0,192.168.20.11,FALSE,0 14416,2000/3/14 132018,IPHalfScan,6,45876,182,45876,182,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,002018645CE6,,080020761E EA,,0,,0,192.168.20.11,FALSE,0 14417,2000/3/14 132018,IPHalfScan,6,45876,154,45876,154,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,002018645CE6,,080020761E EA,,0,,0,192.168.20.11,FALSE,0 14418,2000/3/14 132018,IPHalfScan,6,45876,2232,45876,2232,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,002018645CE6,,080020761 EEA,,0,,0,192.168.20.11,FALSE,0 14419,2000/3/14 132018,IPHalfScan,6,45876,67,45876,67,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,002018645CE6,,080020761EE A,,0,,0,192.168.20.11,FALSE,0 14420,2000/3/14 132018,IPHalfScan,6,45876,650,45876,650,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,002018645CE6,,080020761E EA,,0,,0,192.168.20.11,FALSE,0 14421,2000/3/14 132018,IPHalfScan,6,45876,775,45876,775,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,002018645CE6,,080020761E EA,,0,,0,192.168.20.11,FALSE,0 14422,2000/3/14 132018,IPHalfScan,6,45876,5000,45876,5000,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,002018645CE6,,080020761 EEA,,0,,0,192.168.20.11,FALSE,0 14423,2000/3/14 132018,IPHalfScan,6,45876,390,45876,390,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,002018645CE6,,080020761E EA,,0,,0,192.168.20.11,FALSE,0 14424,2000/3/14 
132018,IPHalfScan,6,45876,855,45876,855,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,002018645CE6,,080020761E EA,,0,,0,192.168.20.11,FALSE,0 (snip 3087 records) 17512,2000/3/14 132041,IPHalfScan,6,43457,8,43457,8,1728123052,51685568,172.16.1.103,192.168.20.3,,,,1,FALSE,002018645CE6,,00C02626E505,,0,,0,192.168.20.11,FALSE,0 17513,2000/3/14 132041,IPHalfScan,6,43457,587,43457,587,1728123052,51685568,172.16.1.103,192.168.20.3,,,,1,FALSE,002018645CE6,,00C02626E5 05,,0,,0,192.168.20.11,FALSE,0 17514,2000/3/14 132041,IPHalfScan,6,43457,500,43457,500,1728123052,51685568,172.16.1.103,192.168.20.3,,,,1,FALSE,002018645CE6,,00C02626E5 05,,0,,0,192.168.20.11,FALSE,0 17515,2000/3/14 132041,IPHalfScan,6,43457,20,43457,FTP-Data,1728123052,51685568,172.16.1.103,192.168.20.3,,,,1,FALSE,002018645CE6,,00C0262 6E505,,0,,0,192.168.20.11,FALSE,0 17516,2000/3/14 132041,IPHalfScan,6,43457,62,43457,62,1728123052,51685568,172.16.1.103,192.168.20.3,,,,1,FALSE,002018645CE6,,00C02626E505,,0,,0,192.168.20.11,FALSE,0 17517,2000/3/14 132045,IPHalfScan,6,43457,1378,43457,1378,1728123052,51685568,172.16.1.103,192.168.20.3,,,,1,FALSE,002018645CE6,,00C02626 E505,,0,,0,192.168.20.11,FALSE,0 17518,2000/3/14 132045,IPHalfScan,6,43457,1371,43457,1371,1728123052,51685568,172.16.1.103,192.168.20.3,,,,1,FALSE,002018645CE6,,00C02626 E505,,0,,0,192.168.20.11,FALSE,0 17519,2000/3/14 132045,IPHalfScan,6,43457,467,43457,467,1728123052,51685568,172.16.1.103,192.168.20.3,,,,1,FALSE,002018645CE6,,00C02626E5 05,,0,,0,192.168.20.11,FALSE,0 17520,2000/3/14 132045,IPHalfScan,6,43457,451,43457,451,1728123052,51685568,172.16.1.103,192.168.20.3,,,,1,FALSE,002018645CE6,,00C02626E5 05,,0,,0,192.168.20.11,FALSE,0 17521,2000/3/14 132045,IPHalfScan,6,43457,909,43457,909,1728123052,51685568,172.16.1.103,192.168.20.3,,,,1,FALSE,002018645CE6,,00C02626E5 05,,0,,0,192.168.20.11,FALSE,0-8 -
1.4.3 FireWall-1 No Date Time Inter. Origin Type Action Service Source Destination Proto. Rule S_Port User SrcKeyID DstKeyID XlateSrc XlateDst XLateSPort XlateDPort Info. "10605" "14Mar2000" "132018" "nei0" "fw" "log" "accept" "" "ipa3" "dmz-mail" "icmp" "4" "" "" "" "" "" "" "" "" " icmp-type 8 icmp-co de 0" "10606" "14Mar2000" "132018" "nei0" "fw" "log" "accept" "http" "ipa3" "dmz-mail" "tcp" "4" "45896" "" "" "" "" "" "" "" " len 40" "10607" "14Mar2000" "132018" "nei1" "fw" "log" "accept" "" "dmz-mail" "ipa3" "icmp" "8" "" "" "" "" "" "" "" "" " icmp-type 0 icmp-co de 0" "10608" "14Mar2000" "132018" "nei0" "fw" "log" "accept" "556" "ipa3" "dmz-mail" "tcp" "4" "45876" "" "" "" "" "" "" "" " len 40" "10609" "14Mar2000" "132018" "nei0" "fw" "log" "accept" "182" "ipa3" "dmz-mail" "tcp" "4" "45876" "" "" "" "" "" "" "" " len 40" "10610" "14Mar2000" "132018" "nei0" "fw" "log" "accept" "154" "ipa3" "dmz-mail" "tcp" "4" "45876" "" "" "" "" "" "" "" " len 40" "10611" "14Mar2000" "132018" "nei0" "fw" "log" "accept" "2232" "ipa3" "dmz-mail" "tcp" "4" "45876" "" "" "" "" "" "" "" " len 40" "10612" "14Mar2000" "132018" "nei0" "fw" "log" "accept" "67" "ipa3" "dmz-mail" "tcp" "4" "45876" "" "" "" "" "" "" "" " len 40" "10613" "14Mar2000" "132018" "nei0" "fw" "log" "accept" "650" "ipa3" "dmz-mail" "tcp" "4" "45876" "" "" "" "" "" "" "" " len 40" "10614" "14Mar2000" "132018" "nei0" "fw" "log" "accept" "775" "ipa3" "dmz-mail" "tcp" "4" "45876" "" "" "" "" "" "" "" " len 40" (snip 3032 records) "13647" "14Mar2000" "132041" "nei0" "fw" "log" "accept" "8" "ipa3" "dmz-www" "tcp" "5" "43457" "" "" "" "" "" "" "" " len 40" "13648" "14Mar2000" "132041" "nei0" "fw" "log" "accept" "587" "ipa3" "dmz-www" "tcp" "5" "43457" "" "" "" "" "" "" "" " len 40" "13649" "14Mar2000" "132041" "nei0" "fw" "log" "accept" "500" "ipa3" "dmz-www" "tcp" "5" "43457" "" "" "" "" "" "" "" " len 40" "13650" "14Mar2000" "132041" "nei0" "fw" "log" "accept" "ftp-data" "ipa3" "dmz-www" "tcp" "5" "43457" "" "" "" "" 
"" "" "" " len 40" "13651" "14Mar2000" "132041" "nei0" "fw" "log" "accept" "62" "ipa3" "dmz-www" "tcp" "5" "43457" "" "" "" "" "" "" "" " len 40" "13652" "14Mar2000" "132041" "nei0" "fw" "log" "accept" "1378" "ipa3" "dmz-www" "tcp" "5" "43457" "" "" "" "" "" "" "" " len 40" "13653" "14Mar2000" "132041" "nei0" "fw" "log" "accept" "1371" "ipa3" "dmz-www" "tcp" "5" "43457" "" "" "" "" "" "" "" " len 40" "13654" "14Mar2000" "132041" "nei0" "fw" "log" "accept" "467" "ipa3" "dmz-www" "tcp" "5" "43457" "" "" "" "" "" "" "" " len 40" "13655" "14Mar2000" "132041" "nei0" "fw" "log" "accept" "451" "ipa3" "dmz-www" "tcp" "5" "43457" "" "" "" "" "" "" "" " len 40" "13656" "14Mar2000" "132041" "nei0" "fw" "log" "accept" "909" "ipa3" "dmz-www" "tcp" "5" "43457" "" "" "" "" "" "" "" " len 40" 1.4.4 RealSecure System Agent 1.4.5 Syslog, - 9 -
1.5 UDP ICMP Unreachable 1.5.1 RealSecure Network Engine 1 ID,EventDate,EventName,ProtocolID,SourcePort,DestinationPort,SourcePortName,DestinationPortName,SourceAddress,DestinationAddress,SourceAddress Name,DestinationAddressName,TCPFlags,ICMPType,ICMPCode,EventPriority,KillActionSpecified,SourceEthernetAddr,SourceEthernetVendor,Destination EthernetAddr,DestinationEthernetVendor,RawDataLen,RawData,DecodePairCount,EngineIP,Pulled,EngineType 11133,2000/3/14 132524,UDP_Port_Scan,17,53173,497,53173,497,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,00C0F6B30F12,,002018 645CE8,,0,,0,192.168.10.11,FALSE,0 11134,2000/3/14 133659,UDP_Port_Scan,17,53173,271,53173,271,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,00C0F6B30F12,,002018 645CE8,,0,,0,192.168.10.11,FALSE,0 11135,2000/3/14 135141,UDP_Port_Scan,17,46019,778,46019,778,1728123052,51685568,172.16.1.103,192.168.20.3,,,,1,FALSE,00C0F6B30F12,,002018 645CE8,,0,,0,192.168.10.11,FALSE,0 11136,2000/3/14 135211,UDP_Port_Scan,17,40078,391,40078,391,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,00C0F6B30F12,,002018 645CE8,,0,,0,192.168.10.11,FALSE,0 11137,2000/3/14 135338,UDP_Port_Scan,17,53385,261,53385,261,1728123052,169781440,172.16.1.103,192.168.30.10,,,,1,FALSE,00C0F6B30F12,,0020 18645CE8,,0,,0,192.168.10.11,FALSE,0 11138,2000/3/14 135417,UDP_Port_Scan,17,43605,676,43605,676,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,00C0F6B30F12,,002018 645CE8,,0,,0,192.168.10.11,FALSE,0 1.5.2 RealSecure Network Engine 2 ID,EventDate,EventName,ProtocolID,SourcePort,DestinationPort,SourcePortName,DestinationPortName,SourceAddress,DestinationAddress,SourceAddress Name,DestinationAddressName,TCPFlags,ICMPType,ICMPCode,EventPriority,KillActionSpecified,SourceEthernetAddr,SourceEthernetVendor,Destination EthernetAddr,DestinationEthernetVendor,RawDataLen,RawData,DecodePairCount,EngineIP,Pulled,EngineType 17522,2000/3/14 
132524,UDP_Port_Scan,17,53173,497,53173,497,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,002018645CE6,,080020 761EEA,,0,,0,192.168.20.11,FALSE,0 17523,2000/3/14 135140,UDP_Port_Scan,17,46019,778,46019,778,1728123052,51685568,172.16.1.103,192.168.20.3,,,,1,FALSE,002018645CE6,,00C026 26E505,,0,,0,192.168.20.11,FALSE,0 17524,2000/3/14 135211,UDP_Port_Scan,17,40078,391,40078,391,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,002018645CE6,,080020 761EEA,,0,,0,192.168.20.11,FALSE,0-10 -
1.5.3 FireWall-1 No Date Time Inter. Origin Type Action Service Source Destination Proto. Rule S_Port User SrcKeyID DstKeyID XlateSrc XlateDst XLateSPort XlateDPort Info. "13664" "14Mar2000" "132524" "nei0" "fw" "log" "accept" "523" "ipa3" "dmz-mail" "udp" "4" "53173" "" "" "" "" "" "" "" " len 28" "13665" "14Mar2000" "132524" "nei0" "fw" "log" "accept" "89" "ipa3" "dmz-mail" "udp" "4" "53173" "" "" "" "" "" "" "" " len 28" "13666" "14Mar2000" "132524" "nei0" "fw" "log" "accept" "955" "ipa3" "dmz-mail" "udp" "4" "53173" "" "" "" "" "" "" "" " len 28" "13667" "14Mar2000" "132524" "nei0" "fw" "log" "accept" "232" "ipa3" "dmz-mail" "udp" "4" "53173" "" "" "" "" "" "" "" " len 28" "13668" "14Mar2000" "132524" "nei0" "fw" "log" "accept" "469" "ipa3" "dmz-mail" "udp" "4" "53173" "" "" "" "" "" "" "" " len 28" "13669" "14Mar2000" "132524" "nei0" "fw" "log" "accept" "351" "ipa3" "dmz-mail" "udp" "4" "53173" "" "" "" "" "" "" "" " len 28" "13670" "14Mar2000" "132524" "nei0" "fw" "log" "accept" "1986" "ipa3" "dmz-mail" "udp" "4" "53173" "" "" "" "" "" "" "" " len 28" "13671" "14Mar2000" "132524" "nei0" "fw" "log" "accept" "808" "ipa3" "dmz-mail" "udp" "4" "53173" "" "" "" "" "" "" "" " len 28" "13672" "14Mar2000" "132524" "nei0" "fw" "log" "accept" "2307" "ipa3" "dmz-mail" "udp" "4" "53173" "" "" "" "" "" "" "" " len 28" "13673" "14Mar2000" "132524" "nei0" "fw" "log" "accept" "878" "ipa3" "dmz-mail" "udp" "4" "53173" "" "" "" "" "" "" "" " len 28" (snip 7108 records) "20782" "14Mar2000" "135748" "nei0" "fw" "log" "accept" "7650" "ipa3" "dmz-mail" "udp" "4" "43605" "" "" "" "" "" "" "" " len 28" "20783" "14Mar2000" "135752" "nei0" "fw" "log" "accept" "569" "ipa3" "dmz-mail" "udp" "4" "43606" "" "" "" "" "" "" "" " len 28" "20784" "14Mar2000" "135753" "nei0" "fw" "log" "accept" "312" "ipa3" "dmz-mail" "udp" "4" "43605" "" "" "" "" "" "" "" " len 28" "20785" "14Mar2000" "135753" "nei0" "fw" "log" "accept" "455" "ipa3" "dmz-mail" "udp" "4" "43605" "" "" "" "" "" "" "" " len 28" 
"20786" "14Mar2000" "135757" "nei0" "fw" "log" "accept" "312" "ipa3" "dmz-mail" "udp" "4" "43606" "" "" "" "" "" "" "" " len 28" "20787" "14Mar2000" "135757" "nei0" "fw" "log" "accept" "144" "ipa3" "dmz-mail" "udp" "4" "43605" "" "" "" "" "" "" "" " len 28" "20788" "14Mar2000" "135757" "nei0" "fw" "log" "accept" "106" "ipa3" "dmz-mail" "udp" "4" "43605" "" "" "" "" "" "" "" " len 28" "20789" "14Mar2000" "135801" "nei0" "fw" "log" "accept" "144" "ipa3" "dmz-mail" "udp" "4" "43606" "" "" "" "" "" "" "" " len 28" "20790" "14Mar2000" "135801" "nei0" "fw" "log" "accept" "201" "ipa3" "dmz-mail" "udp" "4" "43605" "" "" "" "" "" "" "" " len 28" "20791" "14Mar2000" "135802" "nei0" "fw" "log" "accept" "941" "ipa3" "dmz-mail" "udp" "4" "43605" "" "" "" "" "" "" "" " len 28" 1.5.4 RealSecure System Agent 1.5.5 Syslog, - 11 -
1.6 finger
1.6.1 RealSecure Network Engine 1
1.6.2 RealSecure Network Engine 2
1.6.3 FireWall-1
No Date Time Inter. Origin Type Action Service Source Destination Proto. Rule S_Port User SrcKeyID DstKeyID XlateSrc XlateDst XLateSPort XlateDPort Info.
"28962" "14Mar2000" "144045" "nei0" "fw" "log" "accept" "finger" "ipa3" "dmz-mail" "tcp" "4" "1522" "" "" "" "" "" "" "" " len 60"
"28963" "14Mar2000" "144103" "nei0" "fw" "log" "accept" "finger" "ipa3" "dmz-mail" "tcp" "4" "1523" "" "" "" "" "" "" "" " len 60"
"28964" "14Mar2000" "144113" "nei0" "fw" "log" "accept" "finger" "ipa3" "dmz-www" "tcp" "5" "ingreslock" "" "" "" "" "" "" "" " len 60"
"28965" "14Mar2000" "144123" "nei0" "fw" "log" "accept" "finger" "ipa3" "dmz-www" "tcp" "5" "1525" "" "" "" "" "" "" "" " len 60"
1.6.4 RealSecure System Agent
1.6.5 Syslog,
- 12 -
1.7 phf 1.7.1 RealSecure Network Engine 1 ID,EventDate,EventName,ProtocolID,SourcePort,DestinationPort,SourcePortName,DestinationPortName,SourceAddress,DestinationAddress,SourceAddress Name,DestinationAddressName,TCPFlags,ICMPType,ICMPCode,EventPriority,KillActionSpecified,SourceEthernetAddr,SourceEthernetVendor,Destination EthernetAddr,DestinationEthernetVendor,RawDataLen,RawData,DecodePairCount,EngineIP,Pulled,EngineType 11546,2000/3/14 144353,HTTP_PHF,6,1526,80,1526,HTTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,00C0F6B30F12,,002018645C E8,,0,,1,192.168.10.11,FALSE,0 11547,2000/3/14 144353,HTTP_Unix_Passwords,6,1526,80,1526,HTTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,00C0F6B30F12,,00 2018645CE8,,0,,1,192.168.10.11,FALSE,0 11548,2000/3/14 144438,HTTP_PHF,6,1527,80,1527,HTTP,1728123052,51685568,172.16.1.103,192.168.20.3,,,,1,FALSE,00C0F6B30F12,,002018645C E8,,0,,1,192.168.10.11,FALSE,0 11549,2000/3/14 144438,HTTP_Unix_Passwords,6,1527,80,1527,HTTP,1728123052,51685568,172.16.1.103,192.168.20.3,,,,1,FALSE,00C0F6B30F12,,00 2018645CE8,,0,,1,192.168.10.11,FALSE,0 1.7.2 RealSecure Network Engine 2 ID,EventDate,EventName,ProtocolID,SourcePort,DestinationPort,SourcePortName,DestinationPortName,SourceAddress,DestinationAddress,SourceAddress Name,DestinationAddressName,TCPFlags,ICMPType,ICMPCode,EventPriority,KillActionSpecified,SourceEthernetAddr,SourceEthernetVendor,Destination EthernetAddr,DestinationEthernetVendor,RawDataLen,RawData,DecodePairCount,EngineIP,Pulled,EngineType 17541,2000/3/14 144353,HTTP_PHF,6,1526,80,1526,HTTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,002018645CE6,,080020761E EA,,0,,1,192.168.20.11,FALSE,0 17542,2000/3/14 144353,HTTP_Unix_Passwords,6,1526,80,1526,HTTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,002018645CE6,,080 020761EEA,,0,,1,192.168.20.11,FALSE,0 17543,2000/3/14 
144438,HTTP_PHF,6,1527,80,1527,HTTP,1728123052,51685568,172.16.1.103,192.168.20.3,,,,1,FALSE,002018645CE6,,00C02626E5 05,,0,,1,192.168.20.11,FALSE,0 17544,2000/3/14 144438,HTTP_Unix_Passwords,6,1527,80,1527,HTTP,1728123052,51685568,172.16.1.103,192.168.20.3,,,,1,FALSE,002018645CE6,,00C 02626E505,,0,,1,192.168.20.11,FALSE,0 1.7.3 FireWall-1 No Date Time Inter. Origin Type Action Service Source Destination Proto. Rule S_Port User SrcKeyID DstKeyID XlateSrc XlateDst XLateSPort XlateDPort Info. "28974" "14Mar2000" "144330" "nei0" "fw" "log" "accept" "http" "ipa3" "dmz-mail" "tcp" "4" "1526" "" "" "" "" "" "" "" " len 60" "28975" "14Mar2000" "144415" "nei0" "fw" "log" "accept" "http" "ipa3" "dmz-www" "tcp" "5" "1527" "" "" "" "" "" "" "" " len 60" 1.7.4 RealSecure System Agent 1.7.5 Syslog, 1.7.6 Apache 172.16.1.103 --[14/Mar/2000144353 +0900] "GET /cgi-bin/phf?q=%0acat%20/etc/passwd" 200 571 1.7.7 IIS 172.16.1.103, -, 00/03/14, 144440, W3SVC1, WWW, 192.168.20.3, 20, 41, 611, 404, 2, GET, /cgi-bin/phf, Q=%0Acat%20/etc/passwd, - 13 -
1.8 nph-test-cgi 1.8.1 RealSecure Network Engine 1 ID,EventDate,EventName,ProtocolID,SourcePort,DestinationPort,SourcePortName,DestinationPortName,SourceAddress,DestinationAddress,SourceAddress Name,DestinationAddressName,TCPFlags,ICMPType,ICMPCode,EventPriority,KillActionSpecified,SourceEthernetAddr,SourceEthernetVendor,Destination EthernetAddr,DestinationEthernetVendor,RawDataLen,RawData,DecodePairCount,EngineIP,Pulled,EngineType 11550,2000/3/14 144530,HTTP_NphTestCgi,6,1528,80,1528,HTTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,00C0F6B30F12,,002018 645CE8,,0,,1,192.168.10.11,FALSE,0 1.8.2 RealSecure Network Engine 2 ID,EventDate,EventName,ProtocolID,SourcePort,DestinationPort,SourcePortName,DestinationPortName,SourceAddress,DestinationAddress,SourceAddress Name,DestinationAddressName,TCPFlags,ICMPType,ICMPCode,EventPriority,KillActionSpecified,SourceEthernetAddr,SourceEthernetVendor,Destination EthernetAddr,DestinationEthernetVendor,RawDataLen,RawData,DecodePairCount,EngineIP,Pulled,EngineType 17545,2000/3/14 144531,HTTP_NphTestCgi,6,1528,80,1528,HTTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,002018645CE6,,080020 761EEA,,0,,1,192.168.20.11,FALSE,0-14 -
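1.8.3 FireWall-1
No Date Time Inter. Origin Type Action Service Source Destination Proto. Rule S_Port User SrcKeyID DstKeyID XlateSrc XlateDst XLateSPort XlateDPort Info.
"28979" "14Mar2000" "144525" "nei0" "fw" "log" "accept" "http" "ipa3" "dmz-mail" "tcp" "4" "1528" "" "" "" "" "" "" "" " len 60"
1.8.4 RealSecure System Agent
1.8.5 Syslog,
1.8.6 Apache
172.16.18.71 - - [09/Mar/2000:17:06:13 +0900] "GET /cgi-bin/nph-test-cgi?/* HTTP/1.1" 200 -
(Note: this Apache entry is dated 09 Mar 2000 and its client is 172.16.18.71, whereas the RealSecure and FireWall-1 records in section 1.8 are dated 14 Mar 2000 with source 172.16.1.103. It appears to come from a different run and cannot be matched to those records by timestamp or source address.)
- 15 -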
1.9 php 1.9.1 RealSecure Network Engine 1 11551,2000/3/14 144655,HTTP_PHP_Read,6,1529,80,1529,HTTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,00C0F6B30F12,,002018 645CE8,,0,,1,192.168.10.11,FALSE,0 11552,2000/3/14 144655,HTTP_Unix_Passwords,6,1529,80,1529,HTTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,00C0F6B30F12,,00 2018645CE8,,0,,1,192.168.10.11,FALSE,0 1.9.2 RealSecure Network Engine 2 17546,2000/3/14 144655,HTTP_PHP_Read,6,1529,80,1529,HTTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,002018645CE6,,0800207 61EEA,,0,,1,192.168.20.11,FALSE,0 17547,2000/3/14 144655,HTTP_Unix_Passwords,6,1529,80,1529,HTTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,1,FALSE,002018645CE6,,080 020761EEA,,0,,1,192.168.20.11,FALSE,0 1.9.3 FireWall-1 No Date Time Inter. Origin Type Action Service Source Destination Proto. Rule S_Port User SrcKeyID DstKeyID XlateSrc XlateDst XLateSPort XlateDPort Info. "28980" "14Mar2000" "144542" "nei0" "fw" "log" "accept" "http" "ipa3" "dmz-mail" "tcp" "4" "1529" "" "" "" "" "" "" "" " len 60" 1.9.4 RealSecure System Agent - 16 -
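1.9.5 Syslog,
1.9.6 Apache
172.16.18.71 - - [09/Mar/2000:17:04:45 +0900] "GET /cgi-bin/php.cgi?/etc/passwd HTTP/1.1" 200 502
(Note: this Apache entry is dated 09 Mar 2000 and its client is 172.16.18.71, whereas the RealSecure and FireWall-1 records in section 1.9 are dated 14 Mar 2000 with source 172.16.1.103. It appears to come from a different run and cannot be matched to those records by timestamp or source address.)
- 17 -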
1.10 ftp 1.10.1 RealSecure Network Engine 1 ID,EventDate,EventName,ProtocolID,SourcePort,DestinationPort,SourcePortName,DestinationPortName,SourceAddress,DestinationAddress,SourceAddress Name,DestinationAddressName,TCPFlags,ICMPType,ICMPCode,EventPriority,KillActionSpecified,SourceEthernetAddr,SourceEthernetVendor,Destination EthernetAddr,DestinationEthernetVendor,RawDataLen,RawData,DecodePairCount,EngineIP,Pulled,EngineType 11553,2000/3/14 154356,FTP_Syst,6,1532,21,1532,FTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,3,FALSE,00C0F6B30F12,,002018645CE8,, 0,,0,192.168.10.11,FALSE,0 11554,2000/3/14 154357,FTP_Syst,6,1533,21,1533,FTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,3,FALSE,00C0F6B30F12,,002018645CE8,, 0,,0,192.168.10.11,FALSE,0 11555,2000/3/14 154358,FTP_Syst,6,1534,21,1534,FTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,3,FALSE,00C0F6B30F12,,002018645CE8,, 0,,0,192.168.10.11,FALSE,0 11556,2000/3/14 154359,FTP_Syst,6,1535,21,1535,FTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,3,FALSE,00C0F6B30F12,,002018645CE8,, 0,,0,192.168.10.11,FALSE,0 11557,2000/3/14 154400,FTP_Syst,6,1536,21,1536,FTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,3,FALSE,00C0F6B30F12,,002018645CE8,, 0,,0,192.168.10.11,FALSE,0 11558,2000/3/14 154401,FTP_Syst,6,1537,21,1537,FTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,3,FALSE,00C0F6B30F12,,002018645CE8,, 0,,0,192.168.10.11,FALSE,0 11559,2000/3/14 154402,FTP_Syst,6,1538,21,1538,FTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,3,FALSE,00C0F6B30F12,,002018645CE8,, 0,,0,192.168.10.11,FALSE,0 11560,2000/3/14 154403,FTP_Syst,6,1539,21,1539,FTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,3,FALSE,00C0F6B30F12,,002018645CE8,, 0,,0,192.168.10.11,FALSE,0 11561,2000/3/14 154405,FTP_Syst,6,1540,21,1540,FTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,3,FALSE,00C0F6B30F12,,002018645CE8,, 0,,0,192.168.10.11,FALSE,0 11562,2000/3/14 
154406,FTP_Syst,6,1541,21,1541,FTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,3,FALSE,00C0F6B30F12,,002018645CE8,, 0,,0,192.168.10.11,FALSE,0 (snip 222 records) 11783,2000/3/14 154944,FTP_Syst,6,1762,21,1762,FTP,1728123052,51685568,172.16.1.103,192.168.20.3,,,,3,FALSE,00C0F6B30F12,,002018645CE8,, 0,,0,192.168.10.11,FALSE,0 11784,2000/3/14 154944,FTP_Syst,6,1763,21,1763,FTP,1728123052,51685568,172.16.1.103,192.168.20.3,,,,3,FALSE,00C0F6B30F12,,002018645CE8,, 0,,0,192.168.10.11,FALSE,0 11785,2000/3/14 154944,FTP_Syst,6,1764,21,1764,FTP,1728123052,51685568,172.16.1.103,192.168.20.3,,,,3,FALSE,00C0F6B30F12,,002018645CE8,, 0,,0,192.168.10.11,FALSE,0 11786,2000/3/14 154945,FTP_Syst,6,1765,21,1765,FTP,1728123052,51685568,172.16.1.103,192.168.20.3,,,,3,FALSE,00C0F6B30F12,,002018645CE8,, 0,,0,192.168.10.11,FALSE,0 11787,2000/3/14 154945,FTP_Syst,6,1766,21,1766,FTP,1728123052,51685568,172.16.1.103,192.168.20.3,,,,3,FALSE,00C0F6B30F12,,002018645CE8,, 0,,0,192.168.10.11,FALSE,0 11788,2000/3/14 154945,FTP_Syst,6,1767,21,1767,FTP,1728123052,51685568,172.16.1.103,192.168.20.3,,,,3,FALSE,00C0F6B30F12,,002018645CE8,, 0,,0,192.168.10.11,FALSE,0 11789,2000/3/14 154945,FTP_Syst,6,1768,21,1768,FTP,1728123052,51685568,172.16.1.103,192.168.20.3,,,,3,FALSE,00C0F6B30F12,,002018645CE8,, 0,,0,192.168.10.11,FALSE,0 11790,2000/3/14 154946,FTP_Syst,6,1769,21,1769,FTP,1728123052,51685568,172.16.1.103,192.168.20.3,,,,3,FALSE,00C0F6B30F12,,002018645CE8,, 0,,0,192.168.10.11,FALSE,0 11791,2000/3/14 154946,FTP_Syst,6,1770,21,1770,FTP,1728123052,51685568,172.16.1.103,192.168.20.3,,,,3,FALSE,00C0F6B30F12,,002018645CE8,, 0,,0,192.168.10.11,FALSE,0 11792,2000/3/14 154946,FTP_Syst,6,1771,21,1771,FTP,1728123052,51685568,172.16.1.103,192.168.20.3,,,,3,FALSE,00C0F6B30F12,,002018645CE8,, 0,,0,192.168.10.11,FALSE,0 11793,2000/3/14 154946,FTP_Syst,6,1772,21,1772,FTP,1728123052,51685568,172.16.1.103,192.168.20.3,,,,3,FALSE,00C0F6B30F12,,002018645CE8,, 0,,0,192.168.10.11,FALSE,0 11794,2000/3/14 
154946,FTP_Syst,6,1773,21,1773,FTP,1728123052,51685568,172.16.1.103,192.168.20.3,,,,3,FALSE,00C0F6B30F12,,002018645CE8,, 0,,0,192.168.10.11,FALSE,0-18 -
1.10.2 RealSecure Network Engine 2 ID,EventDate,EventName,ProtocolID,SourcePort,DestinationPort,SourcePortName,DestinationPortName,SourceAddress,DestinationAddress,SourceAddress Name,DestinationAddressName,TCPFlags,ICMPType,ICMPCode,EventPriority,KillActionSpecified,SourceEthernetAddr,SourceEthernetVendor,Destination EthernetAddr,DestinationEthernetVendor,RawDataLen,RawData,DecodePairCount,EngineIP,Pulled,EngineType 17548,2000/3/14 154356,FTP_Syst,6,1532,21,1532,FTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,3,FALSE,002018645CE6,,080020761EEA,, 0,,0,192.168.20.11,FALSE,0 17549,2000/3/14 154357,FTP_Syst,6,1533,21,1533,FTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,3,FALSE,002018645CE6,,080020761EEA,, 0,,0,192.168.20.11,FALSE,0 17550,2000/3/14 154358,FTP_Syst,6,1534,21,1534,FTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,3,FALSE,002018645CE6,,080020761EEA,, 0,,0,192.168.20.11,FALSE,0 17551,2000/3/14 154359,FTP_Syst,6,1535,21,1535,FTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,3,FALSE,002018645CE6,,080020761EEA,, 0,,0,192.168.20.11,FALSE,0 17552,2000/3/14 154400,FTP_Syst,6,1536,21,1536,FTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,3,FALSE,002018645CE6,,080020761EEA,, 0,,0,192.168.20.11,FALSE,0 17553,2000/3/14 154401,FTP_Syst,6,1537,21,1537,FTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,3,FALSE,002018645CE6,,080020761EEA,, 0,,0,192.168.20.11,FALSE,0 17554,2000/3/14 154402,FTP_Syst,6,1538,21,1538,FTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,3,FALSE,002018645CE6,,080020761EEA,, 0,,0,192.168.20.11,FALSE,0 17555,2000/3/14 154403,FTP_Syst,6,1539,21,1539,FTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,3,FALSE,002018645CE6,,080020761EEA,, 0,,0,192.168.20.11,FALSE,0 17556,2000/3/14 154404,FTP_Syst,6,1540,21,1540,FTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,3,FALSE,002018645CE6,,080020761EEA,, 0,,0,192.168.20.11,FALSE,0 17557,2000/3/14 
154406,FTP_Syst,6,1541,21,1541,FTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,3,FALSE,002018645CE6,,080020761EEA,, 0,,0,192.168.20.11,FALSE,0 (snip 222 records) 17780,2000/3/14 154945,FTP_Syst,6,1764,21,1764,FTP,1728123052,51685568,172.16.1.103,192.168.20.3,,,,3,FALSE,002018645CE6,,00C02626E505,, 0,,0,192.168.20.11,FALSE,0 17781,2000/3/14 154945,FTP_Syst,6,1765,21,1765,FTP,1728123052,51685568,172.16.1.103,192.168.20.3,,,,3,FALSE,002018645CE6,,00C02626E505,, 0,,0,192.168.20.11,FALSE,0 17782,2000/3/14 154945,FTP_Syst,6,1766,21,1766,FTP,1728123052,51685568,172.16.1.103,192.168.20.3,,,,3,FALSE,002018645CE6,,00C02626E505,, 0,,0,192.168.20.11,FALSE,0 17783,2000/3/14 154945,FTP_Syst,6,1767,21,1767,FTP,1728123052,51685568,172.16.1.103,192.168.20.3,,,,3,FALSE,002018645CE6,,00C02626E505,, 0,,0,192.168.20.11,FALSE,0 17784,2000/3/14 154945,FTP_Syst,6,1768,21,1768,FTP,1728123052,51685568,172.16.1.103,192.168.20.3,,,,3,FALSE,002018645CE6,,00C02626E505,, 0,,0,192.168.20.11,FALSE,0 17785,2000/3/14 154946,FTP_Syst,6,1769,21,1769,FTP,1728123052,51685568,172.16.1.103,192.168.20.3,,,,3,FALSE,002018645CE6,,00C02626E505,, 0,,0,192.168.20.11,FALSE,0 17786,2000/3/14 154946,FTP_Syst,6,1770,21,1770,FTP,1728123052,51685568,172.16.1.103,192.168.20.3,,,,3,FALSE,002018645CE6,,00C02626E505,, 0,,0,192.168.20.11,FALSE,0 17787,2000/3/14 154946,FTP_Syst,6,1771,21,1771,FTP,1728123052,51685568,172.16.1.103,192.168.20.3,,,,3,FALSE,002018645CE6,,00C02626E505,, 0,,0,192.168.20.11,FALSE,0 17788,2000/3/14 154946,FTP_Syst,6,1772,21,1772,FTP,1728123052,51685568,172.16.1.103,192.168.20.3,,,,3,FALSE,002018645CE6,,00C02626E505,, 0,,0,192.168.20.11,FALSE,0 17789,2000/3/14 154947,FTP_Syst,6,1773,21,1773,FTP,1728123052,51685568,172.16.1.103,192.168.20.3,,,,3,FALSE,002018645CE6,,00C02626E505,, 0,,0,192.168.20.11,FALSE,0-20 -