OT: help with log analysis

From: Karyn Williams (karyn@calarts.edu)
Date: Wed Apr 16 2003 - 18:02:40 EDT


Looking for some help. ACL log files from cisco router. Host 65.165.174.18
is on our net, but was down when these logs were recorded. Owner took it
down due to suspected compromise. How would you interpret these entries?

Apr 16 07:26:57.664 PDT: 133 permitted tcp 170.208.15.82(477) ->
65.165.174.18(6588), 1 packet
Apr 16 07:29:12.926 PDT: 133 permitted tcp 66.59.145.10(60962) ->
65.165.174.18(49152), 1 packet
Apr 16 08:02:57.527 PDT: 133 permitted tcp 66.59.145.10(33659) ->
65.165.174.18(49152), 1 packet
Apr 16 08:08:44.654 PDT: 133 permitted tcp 66.59.145.10(33659) ->
65.165.174.18(49152), 4 packets
Apr 16 08:18:47.337 PDT: 133 permitted tcp 68.120.225.33(49152) ->
65.165.174.18(22), 1 packet
Apr 16 08:24:44.972 PDT: 133 permitted tcp 68.120.225.33(49152) ->
65.165.174.18(22), 5 packets
Apr 16 08:32:38.169 PDT: 133 permitted tcp 66.59.145.10(34353) ->
65.165.174.18(49152), 1 packet
Apr 16 08:37:45.227 PDT: 133 permitted tcp 66.59.145.10(34353) ->
65.165.174.18(49152), 3 packets
Apr 16 08:52:55.276 PDT: 133 permitted tcp 66.59.145.10(34817) ->
65.165.174.18(49152), 1 packet
Apr 16 08:58:45.662 PDT: 133 permitted tcp 66.59.145.10(34817) ->
65.165.174.18(49152), 3 packets
Apr 16 08:59:55.620 PDT: 133 permitted icmp 216.79.10.135 -> 65.165.174.18
(8/0), 1 packet
Apr 16 09:09:38.815 PDT: 133 permitted tcp 66.59.145.10(35195) ->
65.165.174.18(49152), 1 packet
Apr 16 09:14:46.004 PDT: 133 permitted tcp 66.59.145.10(35195) ->
65.165.174.18(49152), 3 packets
Apr 16 09:54:18.100 PDT: 133 permitted tcp 66.59.145.10(36359) ->
65.165.174.18(49152), 1 packet
Apr 16 09:59:47.010 PDT: 133 permitted tcp 66.59.145.10(36359) ->
65.165.174.18(49152), 3 packets
Apr 16 10:12:33.749 PDT: 133 permitted icmp 217.234.234.246 ->
65.165.174.18 (8/0), 1 packet
Apr 16 10:22:04.135 PDT: 133 permitted tcp 66.59.145.10(37237) ->
65.165.174.18(49152), 1 packet
Apr 16 10:27:47.622 PDT: 133 permitted tcp 66.59.145.10(37237) ->
65.165.174.18(49152), 3 packets
Apr 16 10:54:35.228 PDT: 133 permitted tcp 66.59.145.10(38282) ->
65.165.174.18(49152), 1 packet
Apr 16 10:59:48.585 PDT: 133 permitted tcp 66.59.145.10(38282) ->
65.165.174.18(49152), 2 packets
Apr 16 11:21:39.602 PDT: 133 permitted tcp 66.59.145.10(39090) ->
65.165.174.18(49152), 1 packet
Apr 16 11:26:49.536 PDT: 133 permitted tcp 66.59.145.10(39090) ->
65.165.174.18(49152), 3 packets
Apr 16 12:02:16.511 PDT: 133 permitted tcp 66.59.145.10(40099) ->
65.165.174.18(49152), 1 packet
Apr 16 12:07:51.081 PDT: 133 permitted tcp 66.59.145.10(40099) ->
65.165.174.18(49152), 3 packets

-- 
Karyn Williams, CNE
Network Services Manager
California Institute of the Arts
karyn@calarts.edu
http://www.calarts.edu/network
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
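An added example, not part of the original post: a small Python script that parses Cisco IOS ACL log entries in the format shown above and aggregates them per source host and target port, so repeated hits from one host on one port (and how many distinct source ports, i.e. separate connections, they span) can be counted rather than read line by line. The embedded sample lines are copied from the post, unwrapped onto one line each; the regex assumes the "list NNN permitted|denied proto src(port) -> dst(port), N packets" layout seen there.

```python
import re
from datetime import datetime

# Sample entries copied from the post above, unwrapped onto one line each.
SAMPLE_LOG = """\
Apr 16 07:26:57.664 PDT: 133 permitted tcp 170.208.15.82(477) -> 65.165.174.18(6588), 1 packet
Apr 16 07:29:12.926 PDT: 133 permitted tcp 66.59.145.10(60962) -> 65.165.174.18(49152), 1 packet
Apr 16 08:02:57.527 PDT: 133 permitted tcp 66.59.145.10(33659) -> 65.165.174.18(49152), 1 packet
Apr 16 08:08:44.654 PDT: 133 permitted tcp 66.59.145.10(33659) -> 65.165.174.18(49152), 4 packets
Apr 16 08:18:47.337 PDT: 133 permitted tcp 68.120.225.33(49152) -> 65.165.174.18(22), 1 packet
Apr 16 08:24:44.972 PDT: 133 permitted tcp 68.120.225.33(49152) -> 65.165.174.18(22), 5 packets
Apr 16 08:59:55.620 PDT: 133 permitted icmp 216.79.10.135 -> 65.165.174.18 (8/0), 1 packet
"""

# One IOS ACL log entry; TCP/UDP endpoints carry (port), ICMP carries (type/code) after the dst.
ACL_LINE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d(?:\.\d+)?) \w+: (?P<acl>\d+) (?P<action>permitted|denied) "
    r"(?P<proto>\w+) (?P<src>[\d.]+)(?:\((?P<sport>\d+)\))? -> (?P<dst>[\d.]+)(?:\((?P<dport>\d+)\))?"
    r"(?: \((?P<itype>\d+)/(?P<icode>\d+)\))?, (?P<pkts>\d+) packets?$"
)

def parse_line(line):
    """Return one entry as a dict, or None when the line is not an ACL log message."""
    m = ACL_LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["pkts"] = int(rec["pkts"])
    ts = rec["ts"]
    rec["time"] = datetime.strptime(ts, "%b %d %H:%M:%S.%f" if "." in ts else "%b %d %H:%M:%S")
    # ICMP has no destination port, so key those entries on type/code instead.
    rec["service"] = f"{rec['itype']}/{rec['icode']}" if rec["proto"] == "icmp" else rec["dport"]
    return rec

def summarize(log_text):
    """Per (source host, protocol, target service): total packets, distinct source ports, time span."""
    flows = {}
    for rec in filter(None, map(parse_line, log_text.splitlines())):
        key = (rec["src"], rec["proto"], rec["service"])
        f = flows.setdefault(key, {"packets": 0, "sports": set(), "first": rec["time"], "last": rec["time"]})
        f["packets"] += rec["pkts"]
        if rec["sport"]:
            f["sports"].add(rec["sport"])
        f["first"], f["last"] = min(f["first"], rec["time"]), max(f["last"], rec["time"])
    return flows

def report(log_text):
    """Human-readable rows, busiest (source, service) pair first."""
    rows = sorted(summarize(log_text).items(), key=lambda kv: -kv[1]["packets"])
    return [f"{src:>15} {proto:<4} -> {svc:<6} {f['packets']:>3} pkts, {len(f['sports'])} src ports, "
            f"{(f['last'] - f['first']).total_seconds() / 60:.1f} min" for (src, proto, svc), f in rows]
```

Run `print("\n".join(report(open("acl.log").read())))` against a full export to get the per-host/per-port table; the "1 packet" entry followed a few minutes later by an "N packets" entry for the same source port is the router logging the first match immediately and then a periodic count for the same flow.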


This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:26:12 EDT