Sawmill Discussion Forum

Subject: "What is this log telling you..."
Reading Topic #4059
rah2006
Member since Aug-29-08
Aug-29-08, 07:51 PM (PDT)
"What is this log telling you..."
 
   Other than it is old. It appears someone is up to no good from IP address 66.70.78.30 but what?

2003-02-08,13:10:16,2003-02-08,13:10:16,10.100.0.254,16,5,ns100: NetScreen Traffic Log: device_id=04000013 start_time="2003-2-8 13:10:02" src=66.70.73.190 dst=10.100.0.102 src_port=4353 dst_port=443 translated ip=66.70.73.190 port=4353 service=https proto=6 policy_id=116 direction=incoming duration=4 sent=1506 rcvd=2167 action=Permit

2003-02-08,13:10:16,2003-02-08,13:10:16,10.100.0.254,16,5,ns100: NetScreen Traffic Log: device_id=04000013 start_time="2003-2-8 13:10:14" src=10.100.0.110 dst=204.26.64.1 src_port=1030 dst_port=53 translated ip=12.36.215.10 port=1030 service=dns proto=17 policy_id=141 direction=outgoing duration=1 sent=88 rcvd=190 action=Permit

2003-02-08,13:10:24,2003-02-08,13:10:24,10.100.0.254,16,5,ns100: NetScreen Traffic Log: device_id=04000013 start_time="2003-2-8 13:10:31" src=63.83.95.10 dst=12.36.215.2 service=icmp proto=1 policy_id=320001 direction=outgoing duration=0 sent=0 rcvd=128 action=Deny icmp type=8

2003-02-08,13:10:24,2003-02-08,13:10:24,10.100.0.254,16,5,ns100: NetScreen Traffic Log: device_id=04000013 start_time="2003-2-8 13:10:31" src=63.83.95.10 dst=12.36.215.2 service=icmp proto=1 policy_id=320001 direction=outgoing duration=0 sent=0 rcvd=128 action=Deny icmp type=8

2003-02-08,13:10:26,2003-02-08,13:10:26,10.100.0.254,16,5,ns100: NetScreen Traffic Log: device_id=04000013 start_time="2003-2-8 13:10:12" src=12.129.204.243 dst=10.100.0.102 src_port=2368 dst_port=443 translated ip=12.129.204.243 port=2368 service=https proto=6 policy_id=116 direction=incoming duration=2 sent=1403 rcvd=2105 action=Permit

2003-02-08,13:10:26,2003-02-08,13:10:26,10.100.0.254,16,5,ns100: NetScreen Traffic Log: device_id=04000013 start_time="2003-2-8 13:10:14" src=12.129.204.243 dst=10.100.0.102 src_port=2370 dst_port=443 translated ip=12.129.204.243 port=2370 service=https proto=6 policy_id=116 direction=incoming duration=2 sent=1395 rcvd=2081 action=Permit

2003-02-08,13:10:26,2003-02-08,13:10:26,10.100.0.254,16,5,ns100: NetScreen Traffic Log: device_id=04000013 start_time="2003-2-8 13:10:17" src=12.129.204.243 dst=10.100.0.102 src_port=2371 dst_port=443 translated ip=12.129.204.243 port=2371 service=https proto=6 policy_id=116 direction=incoming duration=1 sent=1395 rcvd=2105 action=Permit

2003-02-08,13:10:26,2003-02-08,13:10:26,10.100.0.254,16,5,ns100: NetScreen Traffic Log: device_id=04000013 start_time="2003-2-8 13:10:18" src=12.129.204.243 dst=10.100.0.102 src_port=2372 dst_port=443 translated ip=12.129.204.243 port=2372 service=https proto=6 policy_id=116 direction=incoming duration=2 sent=1403 rcvd=2097 action=Permit

2003-02-08,13:10:26,2003-02-08,13:10:26,10.100.0.254,16,5,ns100: NetScreen Traffic Log: device_id=04000013 start_time="2003-2-8 13:10:15" src=65.104.138.226 dst=10.100.0.102 src_port=59512 dst_port=443 translated ip=65.104.138.226 port=59512 service=https proto=6 policy_id=116 direction=incoming duration=1 sent=1667 rcvd=6958 action=Permit

2003-02-08,13:10:26,2003-02-08,13:10:26,10.100.0.254,16,5,ns100: NetScreen Traffic Log: device_id=04000013 start_time="2003-2-8 13:10:16" src=65.104.138.226 dst=10.100.0.102 src_port=59513 dst_port=443 translated ip=65.104.138.226 port=59513 service=https proto=6 policy_id=116 direction=incoming duration=6 sent=1071 rcvd=616 action=Permit

2003-02-08,13:10:26,2003-02-08,13:10:26,10.100.0.254,16,5,ns100: NetScreen Traffic Log: device_id=04000013 start_time="2003-2-8 13:10:19" src=65.104.138.226 dst=10.100.0.102 src_port=59514 dst_port=443 translated ip=65.104.138.226 port=59514 service=https proto=6 policy_id=116 direction=incoming duration=3 sent=1368 rcvd=12797 action=Permit

2003-02-08,13:10:26,2003-02-08,13:10:26,10.100.0.254,16,5,ns100: NetScreen Traffic Log: device_id=04000013 start_time="2003-2-8 13:10:19" src=65.104.138.226 dst=10.100.0.102 src_port=59515 dst_port=443 translated ip=65.104.138.226 port=59515 service=https proto=6 policy_id=116 direction=incoming duration=1 sent=1069 rcvd=616 action=Permit

2003-02-08,13:10:26,2003-02-08,13:10:26,10.100.0.254,16,5,ns100: NetScreen Traffic Log: device_id=04000013 start_time="2003-2-8 13:10:23" src=10.100.0.110 dst=204.26.64.1 src_port=1030 dst_port=53 translated ip=12.36.215.10 port=1030 service=dns proto=17 policy_id=141 direction=outgoing duration=1 sent=88 rcvd=190 action=Permit

2003-02-08,13:10:34,2003-02-08,13:10:34,10.100.0.254,16,5,ns100: NetScreen Traffic Log: device_id=04000013 start_time="2003-2-8 13:10:41" src=63.83.95.10 dst=12.36.215.2 service=icmp proto=1 policy_id=320001 direction=outgoing duration=0 sent=0 rcvd=128 action=Deny icmp type=8

2003-02-08,13:10:34,2003-02-08,13:10:34,10.100.0.254,16,5,ns100: NetScreen Traffic Log: device_id=04000013 start_time="2003-2-8 13:10:41" src=63.83.95.10 dst=12.36.215.2 service=icmp proto=1 policy_id=320001 direction=outgoing duration=0 sent=0 rcvd=128 action=Deny icmp type=8

2003-02-08,13:10:36,2003-02-08,13:10:36,10.100.0.254,16,5,ns100: NetScreen Traffic Log: device_id=04000013 start_time="2003-2-8 13:10:22" src=64.106.136.190 dst=10.100.0.109 src_port=64575 dst_port=80 translated ip=64.106.136.190 port=64575 service=http proto=6 policy_id=71 direction=incoming duration=1 sent=1095 rcvd=2340 action=Permit

2003-02-08,13:10:36,2003-02-08,13:10:36,10.100.0.254,16,5,ns100: NetScreen Traffic Log: device_id=04000013 start_time="2003-2-8 13:09:23" src=12.221.30.109 dst=10.100.0.2 src_port=2115 dst_port=80 translated ip=12.221.30.109 port=2115 service=http proto=6 policy_id=11 direction=incoming duration=60 sent=701 rcvd=263 action=Permit

2003-02-08,13:10:36,2003-02-08,13:10:36,10.100.0.254,16,5,ns100: NetScreen Traffic Log: device_id=04000013 start_time="2003-2-8 13:10:23" src=65.88.186.6 dst=10.100.0.120 src_port=32868 dst_port=21 translated ip=65.88.186.6 port=32868 service=ftp proto=6 policy_id=70 direction=incoming duration=1 sent=957 rcvd=1648 action=Permit

2003-02-08,13:10:36,2003-02-08,13:10:36,10.100.0.254,16,5,ns100: NetScreen Traffic Log: device_id=04000013 start_time="2003-2-8 13:10:12" src=12.129.204.243 dst=10.100.0.102 src_port=2369 dst_port=443 translated ip=12.129.204.243 port=2369 service=https proto=6 policy_id=116 direction=incoming duration=13 sent=1403 rcvd=2081 action=Permit

2003-02-08,13:10:36,2003-02-08,13:10:36,10.100.0.254,16,5,ns100: NetScreen Traffic Log: device_id=04000013 start_time="2003-2-8 13:10:21" src=12.129.204.243 dst=10.100.0.102 src_port=2373 dst_port=443 translated ip=12.129.204.243 port=2373 service=https proto=6 policy_id=116 direction=incoming duration=4 sent=1387 rcvd=2169 action=Permit

2003-02-08,13:10:36,2003-02-08,13:10:36,10.100.0.254,16,5,ns100: NetScreen Traffic Log: device_id=04000013 start_time="2003-2-8 13:10:25" src=12.129.204.243 dst=10.100.0.102 src_port=2374 dst_port=443 translated ip=12.129.204.243 port=2374 service=https proto=6 policy_id=116 direction=incoming duration=2 sent=1395 rcvd=2081 action=Permit

2003-02-08,13:10:36,2003-02-08,13:10:36,10.100.0.254,16,5,ns100: NetScreen Traffic Log: device_id=04000013 start_time="2003-2-8 13:10:26" src=12.129.204.254 dst=10.100.0.102 src_port=3500 dst_port=443 translated ip=12.129.204.254 port=3500 service=https proto=6 policy_id=116 direction=incoming duration=1 sent=1371 rcvd=2017 action=Permit

2003-02-08,13:10:36,2003-02-08,13:10:36,10.100.0.254,16,5,ns100: NetScreen Traffic Log: device_id=04000013 start_time="2003-2-8 13:10:19" src=12.129.204.241 dst=10.100.0.102 src_port=4061 dst_port=443 translated ip=12.129.204.241 port=4061 service=https proto=6 policy_id=116 direction=incoming duration=3 sent=1355 rcvd=2097 action=Permit

2003-02-08,13:10:36,2003-02-08,13:10:36,10.100.0.254,16,5,ns100: NetScreen Traffic Log: device_id=04000013 start_time="2003-2-8 13:10:34" src=10.100.0.110 dst=204.26.64.1 src_port=1030 dst_port=53 translated ip=12.36.215.10 port=1030 service=dns proto=17 policy_id=141 direction=outgoing duration=1 sent=88 rcvd=190 action=Permit

2003-02-08,13:10:44,2003-02-08,13:10:44,10.100.0.254,16,5,ns100: NetScreen Traffic Log: device_id=04000013 start_time="2003-2-8 13:10:51" src=63.83.95.10 dst=12.36.215.2 service=icmp proto=1 policy_id=320001 direction=outgoing duration=0 sent=0 rcvd=128 action=Deny icmp type=8

2003-02-08,13:10:44,2003-02-08,13:10:44,10.100.0.254,16,5,ns100: NetScreen Traffic Log: device_id=04000013 start_time="2003-2-8 13:10:51" src=63.83.95.10 dst=12.36.215.2 service=icmp proto=1 policy_id=320001 direction=outgoing duration=0 sent=0 rcvd=128 action=Deny icmp type=8

2003-02-08,13:10:46,2003-02-08,13:10:46,10.100.0.254,16,5,ns100: NetScreen Traffic Log: device_id=04000013 start_time="2003-2-8 13:10:35" src=164.109.48.227 dst=10.100.0.102 src_port=54870 dst_port=443 translated ip=164.109.48.227 port=54870 service=https proto=6 policy_id=122 direction=incoming duration=1 sent=1508 rcvd=2332 action=Permit

2003-02-08,13:10:46,2003-02-08,13:10:46,10.100.0.254,16,5,ns100: NetScreen Traffic Log: device_id=04000013 start_time="2003-2-8 13:09:32" src=12.80.24.200 dst=10.100.0.2 src_port=1186 dst_port=80 translated ip=12.80.24.200 port=1186 service=http proto=6 policy_id=11 direction=incoming duration=62 sent=705 rcvd=2402 action=Permit

2003-02-08,13:10:46,2003-02-08,13:10:46,10.100.0.254,16,5,ns100: NetScreen Traffic Log: device_id=04000013 start_time="2003-2-8 13:10:31" src=12.129.204.243 dst=10.100.0.102 src_port=2376 dst_port=443 translated ip=12.129.204.243 port=2376 service=https proto=6 policy_id=116 direction=incoming duration=3 sent=1403 rcvd=2081 action=Permit

2003-02-08,13:10:46,2003-02-08,13:10:46,10.100.0.254,16,5,ns100: NetScreen Traffic Log: device_id=04000013 start_time="2003-2-8 13:10:38" src=12.129.204.243 dst=10.100.0.102 src_port=2378 dst_port=443 translated ip=12.129.204.243 port=2378 service=https proto=6 policy_id=116 direction=incoming duration=2 sent=1403
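As an added example (not part of the original post, and not Sawmill's own log parser), the following Python parses NetScreen traffic-log entries like the ones quoted above and tallies flows per source, destination, service and action, so denied and repeated flows stand out. The renamed keys `xlated_ip`, `xlated_port` and `icmp_type` are assumptions introduced here to give the space-containing field names a single-token form.

```python
import re
from collections import Counter

# Five entries copied from the post above; the last is cut off in the post as well.
SAMPLE = '''\
2003-02-08,13:10:16,2003-02-08,13:10:16,10.100.0.254,16,5,ns100: NetScreen Traffic Log: device_id=04000013 start_time="2003-2-8 13:10:02" src=66.70.73.190 dst=10.100.0.102 src_port=4353 dst_port=443 translated ip=66.70.73.190 port=4353 service=https proto=6 policy_id=116 direction=incoming duration=4 sent=1506 rcvd=2167 action=Permit
2003-02-08,13:10:16,2003-02-08,13:10:16,10.100.0.254,16,5,ns100: NetScreen Traffic Log: device_id=04000013 start_time="2003-2-8 13:10:14" src=10.100.0.110 dst=204.26.64.1 src_port=1030 dst_port=53 translated ip=12.36.215.10 port=1030 service=dns proto=17 policy_id=141 direction=outgoing duration=1 sent=88 rcvd=190 action=Permit
2003-02-08,13:10:24,2003-02-08,13:10:24,10.100.0.254,16,5,ns100: NetScreen Traffic Log: device_id=04000013 start_time="2003-2-8 13:10:31" src=63.83.95.10 dst=12.36.215.2 service=icmp proto=1 policy_id=320001 direction=outgoing duration=0 sent=0 rcvd=128 action=Deny icmp type=8
2003-02-08,13:10:24,2003-02-08,13:10:24,10.100.0.254,16,5,ns100: NetScreen Traffic Log: device_id=04000013 start_time="2003-2-8 13:10:31" src=63.83.95.10 dst=12.36.215.2 service=icmp proto=1 policy_id=320001 direction=outgoing duration=0 sent=0 rcvd=128 action=Deny icmp type=8
2003-02-08,13:10:46,2003-02-08,13:10:46,10.100.0.254,16,5,ns100: NetScreen Traffic Log: device_id=04000013 start_time="2003-2-8 13:10:38" src=12.129.204.243 dst=10.100.0.102 src_port=2378 dst_port=443 translated ip=12.129.204.243 port=2378 service=https proto=6 policy_id=116 direction=incoming duration=2 sent=1403
'''

PAIR = re.compile(r'(\w+)=("[^"]*"|\S+)')       # key=value, value optionally quoted
REQUIRED = ("src", "dst", "service", "action")  # fields needed to classify a flow

def parse_entry(line):
    """Return the key=value fields of one NetScreen traffic-log line as a dict."""
    _, _, body = line.partition("NetScreen Traffic Log:")
    # Two field names contain a space; rename them (assumed names) to single tokens.
    body = re.sub(r"translated ip=(\S+) port=(\S+)",
                  r"xlated_ip=\1 xlated_port=\2", body)
    body = body.replace("icmp type=", "icmp_type=")
    return {key: value.strip('"') for key, value in PAIR.findall(body)}

def summarize(text):
    """Count flows per (src, dst, service, action); set aside incomplete lines."""
    flows, incomplete = Counter(), []
    for line in filter(None, map(str.strip, text.splitlines())):
        fields = parse_entry(line)
        if not all(key in fields for key in REQUIRED):
            incomplete.append(line)  # truncated or non-traffic line: do not guess
            continue
        flows[tuple(fields[key] for key in REQUIRED)] += 1
    return flows, incomplete

def denied(flows):
    """Return only the flows the firewall rejected."""
    return {flow: n for flow, n in flows.items() if flow[3] == "Deny"}

if __name__ == "__main__":
    flows, incomplete = summarize(SAMPLE)
    for (src, dst, service, action), n in flows.most_common():
        print(f"{n:3d}  {action:6s} {service:5s} {src} -> {dst}")
    print(f"{len(incomplete)} incomplete line(s) skipped")
```
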


dgilmoreadmin
Member since Nov-18-04
2773 posts
Sep-05-08, 04:57 PM (PDT)
1. "RE: What is this log telling you..."
In response to message #0
 
Not sure what you are asking here? Are you asking what sort of mischief can be seen by these log entries?

David
Sawmill Product Support Team
support@flowerfire.com


Copyright © 2007 by Flowerfire.