Daily Intrusion Prevention System Dashboard, Sunday, March 7, 2010

IPS - Computers Targeted by and Sending Potential Threats

Top Computer Targeted                  Computer                                  Number of Computers
Internal Target of Internal Threats    192.168.0.201                             9
Internal Target of Inbound Threats     192.168.0.92                              3
External Target of Outbound Threats    nsp-fi1.interbusiness.it (85.37.17.5)     4

Top Source Computer                    Computer                                  Number of Computers
Internal Source of Internal Threats    192.168.0.52                              6
External Source of Inbound Threats     207.46.104.20                             59
Internal Source of Outbound Threats    192.168.0.92                              1

IPS Filtered Traffic - Hourly Activity

Flow       Accepted (Number of Hits)   Blocked (Number of Hits)
Inbound    65                          1
Internal   146                         37
Outbound   26                          0

IPS Filtered Traffic - Flow

Flow       Accepted   Blocked   Total
Inbound    65         1         66
Outbound   26         0         26
Internal   146        37        183

IPS - Top 5 Potential Threats

Short Description                              Severity   Events
SMB.DCERPC.Registry.OpenHKLM.139               1          108
edonkey                                        1          48
SMB.DCERPC.NetRemoteTOD.445                    1          26
CyberKit.2.2                                   1          21
SMB.DCERPC.SamrEnumerateAliasesInDomain.139    1          21
Total Top 5 Attacks                                       224

IPS - Top 5 Services Targeted by Potential Threats

(Flow columns in the same order as the Hourly Activity table above; empty cells are zero.)

Service (port)         Inbound   Outbound   Internal   Total
139                    1                    129        130
445                                         33         33
53                               25                    25
0                      1                    21         22
3843                   10                              10
Total Top 5 Services   12        25         183        220

Report printed on Monday, March 8, 2010 at 15:41. Dashboard created with Click&DECiDE Builder.
Powered by © Click&DECiDE. Page 1/19


Events by Hour of the Day - Graph, Sunday, March 7, 2010

(Graph of Accepted Traffic and Blocked Traffic per hour; the image is not reproduced here. The numbers are in the data table that follows.)


Events by Hour of the Day - Data, Sunday, March 7, 2010

(Empty cells are zero.)

        Inbound              Outbound             Internal             Total Hits
Hour    Accepted   Blocked   Accepted   Blocked   Accepted   Blocked   Accepted   Blocked   Total
00:00                                             4                    4                    4
01:00                                             4                    4                    4
02:00                                             4                    4                    4
03:00                                             2                    2                    2
04:00                                             4          5         4          5         9
05:00                                             6                    6                    6
06:00                                             2                    2                    2
07:00                                             4                    4                    4
08:00                                             4                    4                    4
09:00   2                                         4                    6                    6
10:00                                             4          2         4          2         6
11:00                                             6                    6                    6
12:00                                             5          2         5          2         7
13:00                                             4                    4                    4
14:00                        3                    10                   13                   13
15:00   6                                         11         2         17         2         19
16:00   50                   23                   9          3         82         3         85
17:00   4                                         10         2         14         2         16
18:00                                             12         10        12         10        22
19:00   3          1                              19         11        22         12        34
20:00                                             6                    6                    6
21:00                                             4                    4                    4
22:00                                             4                    4                    4
23:00                                             4                    4                    4
Total for Sunday, March 7, 2010
        65         1         26                   146        37        237        38        275
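The Hourly Activity, Flow and Events by Hour tables above are aggregates of individual IPS events: each event is assigned a flow (Inbound, Outbound or Internal) from its source and destination addresses, an action (Accepted or Blocked) from the sensor's verdict, and an hour bucket from its timestamp. The following Python script is an added example of that aggregation; it is not Click&DECiDE's or Fortinet's code and was not derived from the report. The key=value log layout, the field names (date, time, src, dst, dstport, attack, status) and the sample events are constructed assumptions, so only the parser would change against a real sensor's output. The script also ranks internal senders by how many distinct internal targets they hit, which is the check that makes 192.168.0.52 stand out in the report's internal-threat tables.

```python
"""Aggregate IPS events into the dashboard's flow/action/hour buckets.

Added example for this page; it is not Click&DECiDE's or Fortinet's code.
The key=value log layout and field names below are assumptions in the style
of firewall syslog, not the format the report was generated from.
"""
from collections import Counter, defaultdict
from ipaddress import ip_address

# Constructed sample events (not taken from the report). Assumed fields:
# date, time, src, dst, dstport, attack, status (detected = accepted,
# dropped = blocked). dstport=0 stands for ICMP, as the report's service 0 does.
SAMPLE_LOG = """\
date=2010-03-07 time=16:02:11 src=192.168.0.52 dst=192.168.0.201 dstport=139 attack=SMB.DCERPC.Registry.OpenHKLM.139 status=detected
date=2010-03-07 time=16:02:40 src=192.168.0.52 dst=192.168.0.201 dstport=139 attack=SMB.DCERPC.SamrEnumerateAliasesInDomain.139 status=dropped
date=2010-03-07 time=16:05:03 src=192.168.0.52 dst=192.168.0.249 dstport=0 attack=CyberKit.2.2 status=dropped
date=2010-03-07 time=16:07:19 src=207.46.104.20 dst=192.168.0.92 dstport=3007 attack=msn status=detected
date=2010-03-07 time=16:09:55 src=192.168.0.92 dst=85.37.17.5 dstport=53 attack=invalid_param status=detected
date=2010-03-07 time=19:31:02 src=81.36.215.131 dst=192.168.0.92 dstport=4321 attack=edonkey status=dropped
date=2010-03-07 time=19:44:27 src=192.168.0.53 dst=192.168.0.52 dstport=445 attack=SMB.DCERPC.NetRemoteTOD.445 status=detected
"""


def parse_line(line):
    """Split one key=value record into a dict (values here contain no spaces)."""
    return dict(field.split("=", 1) for field in line.split())


def flow(src, dst):
    """Label an event Inbound, Outbound or Internal from RFC 1918 membership,
    which is how the dashboard's flow column reads for a single private LAN."""
    src_private = ip_address(src).is_private
    dst_private = ip_address(dst).is_private
    if src_private and dst_private:
        return "Internal"
    if dst_private:
        return "Inbound"
    # private -> public; a public -> public event cannot be classified by
    # address alone and is lumped in here rather than silently dropped.
    return "Outbound"


def action(status):
    """Map the sensor's verdict to the dashboard's Accepted/Blocked wording."""
    return "Blocked" if status == "dropped" else "Accepted"


def hourly_activity(log_text):
    """Return {hour: Counter({(flow, action): n})} plus a 'Total' row,
    i.e. the cells of the Events by Hour of the Day table."""
    table = defaultdict(Counter)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = parse_line(line)
        hour = event["time"][:2] + ":00"
        cell = (flow(event["src"], event["dst"]), action(event["status"]))
        table[hour][cell] += 1
        table["Total"][cell] += 1
    return table


def top_internal_sources(log_text):
    """Rank internal senders of internal threats by distinct internal targets hit:
    one host touching many peers (192.168.0.52 in the report) is the pattern
    of enumeration or scanning rather than of a single noisy application."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = parse_line(line)
        if flow(event["src"], event["dst"]) == "Internal":
            targets[event["src"]].add(event["dst"])
    return sorted(((src, len(t)) for src, t in targets.items()),
                  key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    for hour, cells in sorted(hourly_activity(SAMPLE_LOG).items()):
        print(hour, dict(cells))
    print(top_internal_sources(SAMPLE_LOG))
```

Run stand-alone, the script prints the 16:00 and 19:00 buckets for the constructed sample and a Total row of 7 events (Inbound 1 accepted and 1 blocked, Outbound 1 accepted, Internal 2 accepted and 2 blocked), then ranks 192.168.0.52 above 192.168.0.53 because it touched two distinct internal targets. A single private address range is assumed; a site with several internal ranges, or with public addresses inside the perimeter, would replace the is_private test with its own address list.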


Top 25 Attacks - Graph, Sunday, March 7, 2010

(Graph of the top attacks by number of events; the image is not reproduced here. The numbers are in the data table that follows.)


Top 25 Attacks - Data, Sunday, March 7, 2010

(Only 14 distinct attacks were seen on this day, so the list is complete.)

Attack Category     Attack Name                                     Severity   Total Attacks
netbios             SMB.DCERPC.Registry.OpenHKLM.139                1 - High   108
p2p                 edonkey                                         1 - High   48
netbios             SMB.DCERPC.NetRemoteTOD.445                     1 - High   26
icmp                CyberKit.2.2                                    1 - High   21
netbios             SMB.DCERPC.SamrEnumerateAliasesInDomain.139     1 - High   21
im                  msn                                             1 - High   15
dns_decoder         invalid_param                                   1 - High   11
dns_decoder         invalid_pointer                                 1 - High   10
netbios             SMB.DCERPC.SamrEnumerateAliasesInDomain.445     1 - High   7
dns_decoder         invalid_opcode                                  1 - High   4
anomaly             udp_src_session                                 1 - High   1
Denial of Service   Microsoft.Works.Spreadsheet.Memory.Corruption   1 - High   1
web-misc            Prozilla.Location.BufferOverflow                1 - High   1
netbios             NT.NULL.Session                                 1 - High   1
Total for the above list:                                                      275


Top 25 Attacks by Severity Level, Sunday, March 7, 2010

Severity Level: 1 - High (all events of the day fall in this level)

Attack Category     Potential Attack Description                    Flow       Number of Potential Attacks
netbios             SMB.DCERPC.Registry.OpenHKLM.139                Internal   108
p2p                 edonkey                                         Inbound    48
netbios             SMB.DCERPC.NetRemoteTOD.445                     Internal   26
icmp                CyberKit.2.2                                    Internal   21
netbios             SMB.DCERPC.SamrEnumerateAliasesInDomain.139     Internal   21
im                  msn                                             Inbound    15
dns_decoder         invalid_param                                   Outbound   11
dns_decoder         invalid_pointer                                 Outbound   10
netbios             SMB.DCERPC.SamrEnumerateAliasesInDomain.445     Internal   7
dns_decoder         invalid_opcode                                  Outbound   4
anomaly             udp_src_session                                 Outbound   1
Denial of Service   Microsoft.Works.Spreadsheet.Memory.Corruption   Inbound    1
web-misc            Prozilla.Location.BufferOverflow                Inbound    1
netbios             NT.NULL.Session                                 Inbound    1
Total for severity 1 - High:                                                   275
Total for the above list:                                                      275


Top 25 Blocked Attacks - Graph, Sunday, March 7, 2010

(Graph of blocked attacks by number of events; the image is not reproduced here. The numbers are in the data table that follows.)


Top 25 Blocked Attacks - Data, Sunday, March 7, 2010

Attack Category     Attack Name                                     Severity   Flow       Total Attacks
netbios             SMB.DCERPC.SamrEnumerateAliasesInDomain.139     1 - High   Internal   20
icmp                CyberKit.2.2                                    1 - High   Internal   17
Denial of Service   Microsoft.Works.Spreadsheet.Memory.Corruption   1 - High   Inbound    1
Total for the above list:                                                                 38


Top 5 Internal Computer(s) Targeted by the Top 5 Internal Threats, Sunday, March 7, 2010

Internal Computer Targeted   Threat Category   Potential Threat Description                    Number of Potential Threats
192.168.0.201                netbios           SMB.DCERPC.Registry.OpenHKLM.139                108
                             netbios           SMB.DCERPC.SamrEnumerateAliasesInDomain.139     6
                             Subtotal                                                          114
192.168.0.52                 netbios           SMB.DCERPC.NetRemoteTOD.445                     26
                             netbios           SMB.DCERPC.SamrEnumerateAliasesInDomain.139     8
                             netbios           SMB.DCERPC.SamrEnumerateAliasesInDomain.445     7
                             icmp              CyberKit.2.2                                    1
                             Subtotal                                                          42
192.168.0.249                icmp              CyberKit.2.2                                    8
                             Subtotal                                                          8
192.168.0.204                netbios           SMB.DCERPC.SamrEnumerateAliasesInDomain.139     4
                             icmp              CyberKit.2.2                                    3
                             Subtotal                                                          7
192.168.0.3                  icmp              CyberKit.2.2                                    7
                             Subtotal                                                          7
Total for the above list:                                                                      178


Top 5 Internal Computer(s) Targeted by the Top 5 Inbound Threats, Sunday, March 7, 2010

Internal Computer Targeted   Threat Category     Potential Threat Description                    Number of Potential Threats
192.168.0.92                 p2p                 edonkey                                         48
                             im                  msn                                             12
                             Subtotal                                                            60
192.168.0.52                 im                  msn                                             3
                             netbios             NT.NULL.Session                                 1
                             web-misc            Prozilla.Location.BufferOverflow                1
                             Subtotal                                                            5
192.168.0.3                  Denial of Service   Microsoft.Works.Spreadsheet.Memory.Corruption   1
                             Subtotal                                                            1
Total for the above list:                                                                        66


Top 5 External Computer(s) Targeted by the Top 5 Outbound Threats, Sunday, March 7, 2010

External Computer Targeted                         Threat Category   Potential Threat Description   Number of Potential Threats
nsp-fi1.interbusiness.it (85.37.17.5)              dns_decoder       invalid_param                  6
                                                   dns_decoder       invalid_opcode                 4
                                                   dns_decoder       invalid_pointer                2
                                                   Subtotal                                         12
nsp-mi2.interbusiness.it (85.37.17.4)              dns_decoder       invalid_pointer                8
                                                   dns_decoder       invalid_param                  4
                                                   Subtotal                                         12
202.98.116.66                                      dns_decoder       invalid_param                  1
                                                   Subtotal                                         1
80.179.198.162.cable.012.net.il (80.179.198.162)   anomaly           udp_src_session                1
                                                   Subtotal                                         1
Total for the above list:                                                                           26


Top 5 Internal Computer(s) Sending the Top 5 Internal Threats, Sunday, March 7, 2010

Internal Computer Sending Threats   Threat Category   Potential Threat Description                    Number of Potential Threats
192.168.0.52                        netbios           SMB.DCERPC.Registry.OpenHKLM.139                108
                                    icmp              CyberKit.2.2                                    20
                                    netbios           SMB.DCERPC.SamrEnumerateAliasesInDomain.139     13
                                    Subtotal                                                          141
192.168.0.53                        netbios           SMB.DCERPC.NetRemoteTOD.445                     26
                                    netbios           SMB.DCERPC.SamrEnumerateAliasesInDomain.445     5
                                    netbios           SMB.DCERPC.SamrEnumerateAliasesInDomain.139     1
                                    Subtotal                                                          32
192.168.0.82                        netbios           SMB.DCERPC.SamrEnumerateAliasesInDomain.139     6
                                    Subtotal                                                          6
192.168.0.87                        netbios           SMB.DCERPC.SamrEnumerateAliasesInDomain.445     2
                                    Subtotal                                                          2
192.168.0.56                        icmp              CyberKit.2.2                                    1
                                    Subtotal                                                          1
Total for the above list:                                                                             182


Top 5 External Computer(s) Sending the Top 5 Inbound Threats, Sunday, March 7, 2010

External Computer Sending Threats                          Threat Category   Potential Threat Description   Number of Potential Threats
207.46.104.20                                              im                msn                            7
ns20286.ovh.net (213.251.133.129)                          p2p               edonkey                        2
0x503e1df8.bynxx8.dynamic.dsl.tele.dk (80.62.29.248)       p2p               edonkey                        1
131.Red-81-36-215.dynamicIP.rima-tde.net (81.36.215.131)   p2p               edonkey                        1
188.28.185-80.rev.gaoland.net (80.185.28.188)              p2p               edonkey                        1
Total for the above list:                                                                                   12


Top 5 Internal Computer(s) Sending the Top 5 Outbound Threats, Sunday, March 7, 2010

Internal Computer Sending Threats   Threat Category   Potential Threat Description   Number of Potential Threats
192.168.0.92                        dns_decoder       invalid_param                  11
                                    dns_decoder       invalid_pointer                10
                                    dns_decoder       invalid_opcode                 4
                                    anomaly           udp_src_session                1
                                    Subtotal                                         26
Total for the above list:                                                            26


Top 5 External Computers with the Top 5 Inbound Threat Detailed Results, Sunday, March 7, 2010

External Computer Sending Threats (subtotal)                   Internal Target Computer   Service   Threat Category   Potential Threat Description   Action     Number of Threats
207.46.104.20 (7)                                              192.168.0.92               3007      im                msn                            Accepted   4
                                                               192.168.0.52               1600      im                msn                            Accepted   1
                                                               192.168.0.92               4413      im                msn                            Accepted   1
                                                               192.168.0.92               3225      im                msn                            Accepted   1
ns20286.ovh.net (213.251.133.129) (2)                          192.168.0.92               3844      p2p               edonkey                        Accepted   1
                                                               192.168.0.92               3746      p2p               edonkey                        Accepted   1
0x503e1df8.bynxx8.dynamic.dsl.tele.dk (80.62.29.248) (1)       192.168.0.92               4060      p2p               edonkey                        Accepted   1
131.Red-81-36-215.dynamicIP.rima-tde.net (81.36.215.131) (1)   192.168.0.92               4321      p2p               edonkey                        Accepted   1
188.28.185-80.rev.gaoland.net (80.185.28.188) (1)              192.168.0.92               4160      p2p               edonkey                        Accepted   1
Total for the above list:                                                                                                                                       12


Top 5 Internal Computers with the Top 5 Outbound Threat Detailed Results, Sunday, March 7, 2010

Internal Computer Sending Threats (subtotal)   External Target Computer                Service   Threat Category   Potential Threat Description   Action     Number of Threats
192.168.0.92 (26)                              nsp-mi2.interbusiness.it (85.37.17.4)   53        dns_decoder       invalid_pointer                Accepted   8
                                               nsp-fi1.interbusiness.it (85.37.17.5)   53        dns_decoder       invalid_param                  Accepted   6
                                               nsp-fi1.interbusiness.it (85.37.17.5)   53        dns_decoder       invalid_opcode                 Accepted   4
                                               nsp-mi2.interbusiness.it (85.37.17.4)   53        dns_decoder       invalid_param                  Accepted   4
                                               nsp-fi1.interbusiness.it (85.37.17.5)   53        dns_decoder       invalid_pointer                Accepted   2
Total for the above list:                                                                                                                                    26

(The five rows shown sum to 24; the subtotal of 26 also counts the two single events to 202.98.116.66 and 80.179.198.162.cable.012.net.il listed under Outbound Threats above, which fall outside the top five rows.)


Top 5 Internal Computers with the Top 5 Internal Threat Detailed Results, Sunday, March 7, 2010

Internal Computer Sending Threats (subtotal)   Internal Target Computer   Service   Threat Category   Potential Threat Description                    Action     Number of Threats
192.168.0.52 (141)                             192.168.0.201              139       netbios           SMB.DCERPC.Registry.OpenHKLM.139                Accepted   108
                                               192.168.0.201              139       netbios           SMB.DCERPC.SamrEnumerateAliasesInDomain.139     Blocked    6
                                               192.168.0.249              0         icmp              CyberKit.2.2                                    Blocked    6
                                               192.168.0.3                0         icmp              CyberKit.2.2                                    Blocked    5
                                               192.168.0.204              139       netbios           SMB.DCERPC.SamrEnumerateAliasesInDomain.139     Blocked    4
192.168.0.53 (32)                              192.168.0.52               445       netbios           SMB.DCERPC.NetRemoteTOD.445                     Accepted   26
                                               192.168.0.52               445       netbios           SMB.DCERPC.SamrEnumerateAliasesInDomain.445     Accepted   5
                                               192.168.0.52               139       netbios           SMB.DCERPC.SamrEnumerateAliasesInDomain.139     Blocked    1
192.168.0.82 (6)                               192.168.0.52               139       netbios           SMB.DCERPC.SamrEnumerateAliasesInDomain.139     Blocked    5
                                               192.168.0.52               139       netbios           SMB.DCERPC.SamrEnumerateAliasesInDomain.139     Accepted   1
192.168.0.87 (2)                               192.168.0.52               445       netbios           SMB.DCERPC.SamrEnumerateAliasesInDomain.445     Accepted   2
192.168.0.56 (1)                               192.168.0.52               0         icmp              CyberKit.2.2                                    Blocked    1
Total for the above list:                                                                                                                                       182

(The five rows shown for 192.168.0.52 sum to 129; its subtotal of 141 also counts the remaining 12 CyberKit.2.2 and SMB.DCERPC.SamrEnumerateAliasesInDomain.139 events to targets outside the top five, which is consistent with the 20 and 13 events per signature reported for this host above. Note also that the same signature and source/target pair appears both Blocked and Accepted, as for 192.168.0.82 to 192.168.0.52: the Action column records what the IPS did with each event, not a per-signature policy.)


IPS Potential Threat Categories Detected - Graph, Sunday, March 7, 2010

(Graph of the top 5 threat categories detected, sorted by the total number of potential threats; the image is not reproduced here. The numbers are in the table that follows.)


Top 5 Threat Categories Detected with their Top 5 Threats, Sunday, March 7, 2010

(Empty cells are zero.)

Threat Category   Signature      Potential Threat Description                    Inbound   Internal   Outbound   Total Threats
netbios           FGT102039613   SMB.DCERPC.Registry.OpenHKLM.139                          108                   108
                  FGT102039615   SMB.DCERPC.NetRemoteTOD.445                               26                    26
                  FGT102039618   SMB.DCERPC.SamrEnumerateAliasesInDomain.139               21                    21
                  FGT102039619   SMB.DCERPC.SamrEnumerateAliasesInDomain.445               7                     7
                  FGT102039558   NT.NULL.Session                                 1                               1
                  Subtotal netbios                                               1         162                   163
p2p               FGT109051907   edonkey                                         48                              48
                  Subtotal p2p                                                   48                              48
dns_decoder       FGT8912909     invalid_param                                                        11         11
                  FGT8912898     invalid_pointer                                                      10         10
                  FGT8912906     invalid_opcode                                                       4          4
                  Subtotal dns_decoder                                                                25         25
icmp              FGT17956877    CyberKit.2.2                                              21                    21
                  Subtotal icmp                                                            21                    21
im                FGT108855298   msn                                             15                              15
                  Subtotal im                                                    15                              15
Total for the above list:                                                        64        183        25         272

(The day's 275 events less these 272 are the three single events in the anomaly, Denial of Service and web-misc categories, which are outside the top five categories.)
