Re: firewall
Hi Car
Here is the excerpt from one email I received from Symantec. I have tried to preserve the formatting, apologies if it is lost in translation to the board.
C
-----Original Message-----
From:
analyzer@symantec.com [mailto:analyzer@symantec.com]
Subject: Symantec DeepSight Analyzer Scheduled Summary (76 new events).
DeepSight Analyzer Daily Summary
Event Activity Report for capaill.
Date Range: 2/19/2005 11:35:50 AM - 2/20/2005 11:00:00 AM GMT
Time of last upload: Feb 20 2005 10:49AM
New events since last report: 76
Total number of events reported: 493
Number of new distinct attacking IP's: 57
Top Attacks Since Last Report Severity Count Last Event Date
-------------------------------------- -------- ----- ------------------
Generic Connection Denied Event Low 76 2/20/05 9:00 AM
Top 7 Attacking IP's # Events
-------------------------------------- -----------
195.218.21.171 3
195.218.26.50 3
195.218.27.37 3
195.218.29.12 3
67.18.222.234 2
70.68.45.96 2
169.254.176.108 2
Top 5 Attacking Countries # Events
-------------------------------------- -----------
Luxembourg 26
United States 18
United Kingdom 9
Ireland 6
Top 7 Targeted Ports # Events
-------------------------------------- -----------
445 (microsoft-ds ) 58
139 (netbios-ssn) 4
137 (netbios-ns) 3
6346 (gnutella-svc ) 3
1026 (unknown) 1
1027 (unknown) 1
2428 (ott ) 1