6. Network Protection
Packet Filter / Firewall
TOP10 dropped source hosts
Total dropped packets: 7 507 278
Source IP Hostname Packets %
lan 192.168.1.175 Router Sistemas Pruebas 1 970 493 26.25
lan 192.168.22.189 iphone yukako 954 940 12.72
lan 192.168.22.185 Jose Feijoo Personal 450 898 6.01
lan 192.168.1.250 lapto personal pablo MAcbook 317 490 4.23
lan 192.168.22.221 Javier Cotin Macbook 264 654 3.53
lan 192.168.22.76 Amanda Herrick 176 732 2.35
lan 192.168.22.8 Andrew Laptop 172 190 2.29
lan 192.168.1.9 Lorenz_EquipoPErsonalW 164 612 2.19
lan 192.168.1.186 Laptop-IT 157 658 2.10
lan 192.168.22.153 iphone johanna carrion 110 763 1.48
TOP10 dropped destination hosts
Total dropped packets: 7 507 278
Destination IP Hostname Packets %
us 17.173.254.222 17.173.254.222 887 299 11.82
us 17.154.239.222 17.154.239.222 500 999 6.67
us 17.173.255.222 17.173.255.222 493 033 6.57
us 17.173.254.223 17.173.254.223 448 568 5.98
co 190.103.114.2 1_NewAccess (Address) 325 045 4.33
us 17.154.239.223 17.154.239.223 249 765 3.33
us 17.173.255.223 17.173.255.223 215 154 2.87
lan 224.0.0.1 all-systems.mcast.net 188 290 2.51
us 98.172.30.200 wsip-98-172-30-200.dc.dc.cox.net 114 302 1.52
lan 192.168.1.186 Laptop-IT 75 967 1.01
TOP10 dropped services
Total dropped packets: 7 507 278
Service Name Protocol Service Packets %
UDP 16384 953 094 12.70
UDP 16385 929 032 12.38
UDP 16386 914 116 12.18
TCP 5223 474 308 6.32
UDP 8612 303 418 4.04
HTTPS TCP 443 292 850 3.90
SNMP UDP 161 183 297 2.44
DDI-TCP-1 TCP 8888 151 725 2.02
NTP UDP 123 149 280 1.99
HTTP TCP 80 119 923 1.60
7. Intrusion Prevention System (IPS)
TOP10 Attacker
Total attack events: 214
Source IP Hostname Events %
lan 192.168.1.45 Internal mail server 37 17.29
de 129.70.208.22 unibi-smtp-b.hrz.uni-bielefeld.de 11 5.14
rs 82.117.208.243 static1-208-243.hosting.sbb.rs 9 4.21
us 198.23.213.90 198-23-213-90-host.colocrossing.com 8 3.74
us 74.217.148.111 74.217.148.111 7 3.27
ec 200.6.8.20 mail.mmrree.gob.ec 7 3.27
us 66.225.223.7 66.225.223.7 7 3.27
us 192.3.140.202 192-3-140-202-host.colocrossing.com 7 3.27
us 23.94.245.138 host.colocrossing.com 6 2.80
cn 110.190.111.61 110.190.111.61 5 2.34
TOP10 Attack Targets
Total attack events: 214
Destination IP Hostname Events %
lan 192.168.1.38 Server SIP 67 31.31
lan 192.168.1.1 0_Internal (Address) 37 17.29
lan 192.168.1.45 Internal mail server 34 15.89
lan 192.168.1.19 IT-01 16 7.48
lan 192.168.1.239 Samsung Luis Molina 10 4.67
lan 192.168.1.161 Metrerologia 6 2.80
lan 192.168.1.167 user(Pelayo Salinas ) 6 2.80
lan 192.168.1.175 Router Sistemas Pruebas 5 2.34
lan 192.168.1.190 192.168.1.190 4 1.87
lan 192.168.1.146 Natalia Tirado 4 1.87
TOP10 Attack Rules
Total attack events: 214
Rule ID Rule Name Group Events %
28556 PROTOCOL-DNS DNS query amplification attempt Server / Misc / DNS 54 25.23
28039 INDICATOR-COMPROMISE Suspicious .pw dns query Server / Misc / DNS 37 17.29
16482 BROWSER-IE Microsoft Internet Explorer userdata behavior memory corruption attempt Client / Browser 20 9.35
19099 BROWSER-WEBKIT Apple Safari CSS font format corruption attempt Client / Browser 17 7.94
19321 BROWSER-FIREFOX Mozilla Products nsCSSValue Array Index Integer Overflow Client / Browser 12 5.61
24155 FILE-PDF Adobe Acrobat Reader free text annotation invalid IT value denial of service attempt Client / Multimedia 11 5.14
19873 BROWSER-IE Microsoft Internet Explorer CSS style memory corruption attempt Client / Browser 10 4.67