• Part I
  • sun managers I
• Part D
  • sun managers D
• Part L
  • sun managers L
• Part H
  • sun managers H
• Part B
  • sun managers B
• Part E
  • sun managers E
• Part J
  • sun managers J
• Part F
  • sun managers F
• Part C
  • sun managers C
• Part K
  • sun managers K

SITEMAP

OT: help with log analysis

Looking for some help. ACL log files from cisco router. Host 65.165.174.18
is on our net, but was down when these logs were recorded. Owner took it
down due to suspected compromise. How would you intrepret these entries ?

Apr 16 07:26:57.664 PDT: 133 permitted tcp 170.208.15.82(477) ->
65.165.174.18(6588), 1 packet
Apr 16 07:29:12.926 PDT: 133 permitted tcp 66.59.145.10(60962) ->
65.165.174.18(49152), 1 packet
Apr 16 08:02:57.527 PDT: 133 permitted tcp 66.59.145.10(33659) ->
65.165.174.18(49152), 1 packet
Apr 16 08:08:44.654 PDT: 133 permitted tcp 66.59.145.10(33659) ->
65.165.174.18(49152), 4 packets
Apr 16 08:18:47.337 PDT: 133 permitted tcp 68.120.225.33(49152) ->
65.165.174.18(22), 1 packet
Apr 16 08:24:44.972 PDT: 133 permitted tcp 68.120.225.33(49152) ->
65.165.174.18(22), 5 packets
Apr 16 08:32:38.169 PDT: 133 permitted tcp 66.59.145.10(34353) ->
65.165.174.18(49152), 1 packet
Apr 16 08:37:45.227 PDT: 133 permitted tcp 66.59.145.10(34353) ->
65.165.174.18(49152), 3 packets
Apr 16 08:52:55.276 PDT: 133 permitted tcp 66.59.145.10(34817) ->
65.165.174.18(49152), 1 packet
Apr 16 08:58:45.662 PDT: 133 permitted tcp 66.59.145.10(34817) ->
65.165.174.18(49152), 3 packets
Apr 16 08:59:55.620 PDT: 133 permitted icmp 216.79.10.135 -> 65.165.174.18
(8/0), 1 packet
Apr 16 09:09:38.815 PDT: 133 permitted tcp 66.59.145.10(35195) ->
65.165.174.18(49152), 1 packet
Apr 16 09:14:46.004 PDT: 133 permitted tcp 66.59.145.10(35195) ->
65.165.174.18(49152), 3 packets
Apr 16 09:54:18.100 PDT: 133 permitted tcp 66.59.145.10(36359) ->
65.165.174.18(49152), 1 packet
Apr 16 09:59:47.010 PDT: 133 permitted tcp 66.59.145.10(36359) ->
65.165.174.18(49152), 3 packets
Apr 16 10:12:33.749 PDT: 133 permitted icmp 217.234.234.246 ->
65.165.174.18 (8/0), 1 packet
Apr 16 10:22:04.135 PDT: 133 permitted tcp 66.59.145.10(37237) ->
65.165.174.18(49152), 1 packet
Apr 16 10:27:47.622 PDT: 133 permitted tcp 66.59.145.10(37237) ->
65.165.174.18(49152), 3 packets
Apr 16 10:54:35.228 PDT: 133 permitted tcp 66.59.145.10(38282) ->
65.165.174.18(49152), 1 packet
Apr 16 10:59:48.585 PDT: 133 permitted tcp 66.59.145.10(38282) ->
65.165.174.18(49152), 2 packets
Apr 16 11:21:39.602 PDT: 133 permitted tcp 66.59.145.10(39090) ->
65.165.174.18(49152), 1 packet
Apr 16 11:26:49.536 PDT: 133 permitted tcp 66.59.145.10(39090) ->
65.165.174.18(49152), 3 packets
Apr 16 12:02:16.511 PDT: 133 permitted tcp 66.59.145.10(40099) ->
65.165.174.18(49152), 1 packet
Apr 16 12:07:51.081 PDT: 133 permitted tcp 66.59.145.10(40099) ->
65.165.174.18(49152), 3 packets

--

Karyn Williams, CNE
Network Services Manager
California Institute of the Arts
karyn at calarts.edu
http://www.calarts.edu/network

Comments

"sun managers E [Part E]" Sponsored Links

• "sun managers E [Part E]" New Questiones!

  • OT: Fujitsu hardware
  • OT: Free RAM to Good Home
  • OT: Error while encapsulating the bootdisk under veritas volume mnager
  • OT: Documentation System.
  • OT: convert MMDF mailboxes into mbox-format
  • OT: Compiling Cyrus-SASL 1.5.28 on Solaris 9
  • OT: Brocade Switch Question
  • OT: Awk script specific to Solaris Box
  • OT - zlib compile problem
  • OT - sendmail.cf question
  • OT - Disk Suite list
  • OS won't see my new RAID size?
  • OS update
  • OS Patches for apache and veritas, oracle, OS
  • OS disk portions
  • OS backup/DRP
  • order of network interfaces at the boot
  • Oracle startup
  • Oracle Shared memory
  • oracle processes in Kernel-level.......kill -9 doesnt work.

Copyright © 2008 thatsjava.com • All rights reserved • CMS Theme by WebmasterFund.com - 0.188