
Report Summary (Informe de Reportes)

Page 1

Date: 2014/10/31
Type: monthly

Device
  Organization: Fundación Charles Darwin
  Country: EC
  City: Quito
  Serial: A1203907986D482
  License ID: 279385
  Hostname: shield.fcdarwin.org.ec
  Firmware Version: 9.205-12
  Uptime: 1 days 10 hours 35 minutes

Summary

Network Usage
  Traffic Processed: 269.8 GB
  Connections handled: 16 214 028

Webadmin Logins
  Successful: 71
  Failed: 8

Network Protection
  Packets blocked by Firewall: 7 507 278
  Packets blocked by IPS: 214

Console Logins
  Successful: 0
  Failed: 8

Web Filtering
  Total Website Requests: 3152
  URLs blocked: 266
  HTTP/S viruses blocked: 0
  HTTP/S malware blocked: 0

Up2Date
  Requests Successful: 1
  Requests failed: 0
  Firmware updates installed: 0
  Pattern updates installed: 6

Mail Filtering
  Mails processed: 0
  Spam Mails blocked: 0
  Virus Mails blocked: 0

System
  System restarts: 7
  Uplink fail-overs: 0
  HA/Cluster failovers: 0

VPN
  VPN connections: 0
  VPN traffic: not accounted

Page 2

Resource Usage

Page 3

Network Usage

TOP10 Clients (Total Packets: 519 922 912, Total Traffic: 281.3 GB)

| Zone | IP | Hostname | Packets | Traffic | % |
|---|---|---|---|---|---|
| lan | 192.168.22.221 | Javier Cotin Macbook | 91 756 220 | 59.5 GB | 21.16 |
| lan | 192.168.1.197 | Luis Fernandez PC | 26 799 389 | 17.0 GB | 6.05 |
| lan | 192.168.1.19 | IT-01 | 21 380 268 | 16.1 GB | 5.73 |
| lan | 192.168.22.34 | Gabriela Samaniego Toshiba | 21 792 067 | 15.9 GB | 5.65 |
| lan | 192.168.1.175 | Router Sistemas Pruebas | 22 521 131 | 10.6 GB | 3.78 |
| lan | 192.168.22.150 | yukako | 19 604 622 | 9.2 GB | 3.29 |
| lan | 192.168.1.210 | Johanna XPS Laptop | 10 611 710 | 7.5 GB | 2.66 |
| lan | 192.168.1.3 | Patricia Jaramillo Asus | 8 529 845 | 6.6 GB | 2.36 |
| lan | 192.168.1.186 | Laptop-IT | 10 842 295 | 6.1 GB | 2.18 |
| lan | 192.168.1.205 | Jesus Jimenez 1 | 9 293 449 | 6.1 GB | 2.17 |

TOP10 Servers (Total Packets: 519 922 954, Total Traffic: 281.3 GB)

| Zone | IP | Hostname | Packets | Traffic | % |
|---|---|---|---|---|---|
| co | 190.103.114.3 | 1_NewAccess [Mail] (Address) | 28 994 143 | 12.4 GB | 4.40 |
| us | 23.201.103.144 | a23-201-103-144.deploy.static.akamaitechnologies.com | 9 290 049 | 7.4 GB | 2.64 |
| ve | 200.16.71.65 | 200.16.71.65 | 8 397 610 | 7.2 GB | 2.56 |
| us | 50.16.209.69 | ec2-50-16-209-69.compute-1.amazonaws.com | 10 467 556 | 7.0 GB | 2.50 |
| de | 85.13.151.88 | dd34122.kasserver.com | 4 682 086 | 4.1 GB | 1.46 |
| es | 91.192.110.214 | 214-110.furanet.com | 4 577 536 | 4.1 GB | 1.44 |
| us | 17.253.6.232 | usmia1-vip-lx-002.aaplimg.com | 5 307 555 | 3.6 GB | 1.28 |
| co | 200.35.32.3 | 200.35.32.3 | 3 929 597 | 3.5 GB | 1.24 |
| us | 23.74.2.81 | a23-74-2-81.deploy.static.akamaitechnologies.com | 3 727 037 | 3.3 GB | 1.16 |
| us | 204.236.220.75 | ec2-204-236-220-75.compute-1.amazonaws.com | 4 129 203 | 2.9 GB | 1.02 |

TOP10 Services (Total Packets: 519 922 645, Total Traffic: 281.3 GB)

| Service Name | Protocol | Service Port | Packets | Traffic | % |
|---|---|---|---|---|---|
| HTTPS | TCP | 443 | 252 179 216 | 129.3 GB | 45.97 |
| HTTP | TCP | 80 | 180 968 391 | 119.4 GB | 42.47 |
| SMTP | TCP | 25 | 15 632 472 | 7.2 GB | 2.56 |
| IMAPS | TCP | 993 | 12 619 790 | 6.4 GB | 2.28 |
| DOMAIN | UDP | 53 | 21 518 233 | 2.6 GB | 0.94 |
| SSH | TCP | 22 | 6 008 956 | 2.5 GB | 0.90 |
| 53195 | UDP | 53195 | 2 342 295 | 1.5 GB | 0.55 |
| 50043 | TCP | 50043 | 1 658 033 | 1.5 GB | 0.52 |
| 44843 | UDP | 44843 | 1 896 408 | 1.3 GB | 0.45 |
| POP3S | TCP | 995 | 1 681 285 | 1.1 GB | 0.39 |

Page 4

TOP10 Applications (Total Packets: 519 922 820, Total Traffic: 281.3 GB)

| Application | Packets | Traffic | % |
|---|---|---|---|
| Unclassified | 367 237 351 | 200.1 GB | 71.14 |
| HTTP | 22 799 805 | 16.0 GB | 5.68 |
| Netflix Site | 12 890 698 | 11.0 GB | 3.91 |
| SSL | 9 318 116 | 5.6 GB | 1.98 |
| Google | 11 208 209 | 5.2 GB | 1.86 |
| Skype | 21 451 164 | 4.4 GB | 1.56 |
| FTP | 4 744 739 | 4.1 GB | 1.47 |
| Akamai | 4 616 278 | 3.1 GB | 1.11 |
| Dropbox | 3 494 623 | 2.4 GB | 0.84 |
| gmail | 3 803 462 | 1.8 GB | 0.65 |

TOP10 Application Categories (Total Packets: 519 922 859, Total Traffic: 281.3 GB)

| Application Category | Packets | Traffic | % |
|---|---|---|---|
| Unclassified | 367 237 399 | 200.1 GB | 71.14 |
| Web Services | 68 711 600 | 41.7 GB | 14.84 |
| Streaming Media | 16 575 918 | 13.5 GB | 4.80 |
| File Transfer | 20 328 932 | 13.0 GB | 4.64 |
| Messaging | 23 479 750 | 5.1 GB | 1.83 |
| Networking | 13 054 018 | 3.3 GB | 1.17 |
| Mail | 4 899 329 | 2.4 GB | 0.85 |
| Social Networking | 4 824 340 | 1.9 GB | 0.69 |
| Remote Access | 733 706 | 93.3 MB | 0.03 |
| Games | 40 643 | 17.2 MB | 0.01 |

Page 5

Page 6

Network Protection

Packet Filter / Firewall

TOP10 dropped source hosts (Total dropped packets: 7 507 278)

| Zone | Source IP | Hostname | Packets | % |
|---|---|---|---|---|
| lan | 192.168.1.175 | Router Sistemas Pruebas | 1 970 493 | 26.25 |
| lan | 192.168.22.189 | iphone yukako | 954 940 | 12.72 |
| lan | 192.168.22.185 | Jose Feijoo Personal | 450 898 | 6.01 |
| lan | 192.168.1.250 | lapto personal pablo MAcbook | 317 490 | 4.23 |
| lan | 192.168.22.221 | Javier Cotin Macbook | 264 654 | 3.53 |
| lan | 192.168.22.76 | Amanda Herrick | 176 732 | 2.35 |
| lan | 192.168.22.8 | Andrew Laptop | 172 190 | 2.29 |
| lan | 192.168.1.9 | Lorenz_EquipoPErsonalW | 164 612 | 2.19 |
| lan | 192.168.1.186 | Laptop-IT | 157 658 | 2.10 |
| lan | 192.168.22.153 | iphone johanna carrion | 110 763 | 1.48 |

TOP10 dropped destination hosts (Total dropped packets: 7 507 278)

| Zone | Destination IP | Hostname | Packets | % |
|---|---|---|---|---|
| us | 17.173.254.222 | 17.173.254.222 | 887 299 | 11.82 |
| us | 17.154.239.222 | 17.154.239.222 | 500 999 | 6.67 |
| us | 17.173.255.222 | 17.173.255.222 | 493 033 | 6.57 |
| us | 17.173.254.223 | 17.173.254.223 | 448 568 | 5.98 |
| co | 190.103.114.2 | 1_NewAccess (Address) | 325 045 | 4.33 |
| us | 17.154.239.223 | 17.154.239.223 | 249 765 | 3.33 |
| us | 17.173.255.223 | 17.173.255.223 | 215 154 | 2.87 |
| lan | 224.0.0.1 | all-systems.mcast.net | 188 290 | 2.51 |
| us | 98.172.30.200 | wsip-98-172-30-200.dc.dc.cox.net | 114 302 | 1.52 |
| lan | 192.168.1.186 | Laptop-IT | 75 967 | 1.01 |

TOP10 dropped services (Total dropped packets: 7 507 278)

| Service Name | Protocol | Service Port | Packets | % |
|---|---|---|---|---|
| | UDP | 16384 | 953 094 | 12.70 |
| | UDP | 16385 | 929 032 | 12.38 |
| | UDP | 16386 | 914 116 | 12.18 |
| | TCP | 5223 | 474 308 | 6.32 |
| | UDP | 8612 | 303 418 | 4.04 |
| HTTPS | TCP | 443 | 292 850 | 3.90 |
| SNMP | UDP | 161 | 183 297 | 2.44 |
| DDI-TCP-1 | TCP | 8888 | 151 725 | 2.02 |
| NTP | UDP | 123 | 149 280 | 1.99 |
| HTTP | TCP | 80 | 119 923 | 1.60 |

Page 7

Intrusion Prevention System (IPS)

TOP10 Attackers (Total attack events: 214)

| Zone | Source IP | Hostname | Events | % |
|---|---|---|---|---|
| lan | 192.168.1.45 | Internal mail server | 37 | 17.29 |
| de | 129.70.208.22 | unibi-smtp-b.hrz.uni-bielefeld.de | 11 | 5.14 |
| rs | 82.117.208.243 | static1-208-243.hosting.sbb.rs | 9 | 4.21 |
| us | 198.23.213.90 | 198-23-213-90-host.colocrossing.com | 8 | 3.74 |
| us | 74.217.148.111 | 74.217.148.111 | 7 | 3.27 |
| ec | 200.6.8.20 | mail.mmrree.gob.ec | 7 | 3.27 |
| us | 66.225.223.7 | 66.225.223.7 | 7 | 3.27 |
| us | 192.3.140.202 | 192-3-140-202-host.colocrossing.com | 7 | 3.27 |
| us | 23.94.245.138 | host.colocrossing.com | 6 | 2.80 |
| cn | 110.190.111.61 | 110.190.111.61 | 5 | 2.34 |

TOP10 Attack Targets (Total attack events: 214)

| Zone | Destination IP | Hostname | Events | % |
|---|---|---|---|---|
| lan | 192.168.1.38 | Server SIP | 67 | 31.31 |
| lan | 192.168.1.1 | 0_Internal (Address) | 37 | 17.29 |
| lan | 192.168.1.45 | Internal mail server | 34 | 15.89 |
| lan | 192.168.1.19 | IT-01 | 16 | 7.48 |
| lan | 192.168.1.239 | Samsung Luis Molina | 10 | 4.67 |
| lan | 192.168.1.161 | Metrerologia | 6 | 2.80 |
| lan | 192.168.1.167 | user(Pelayo Salinas ) | 6 | 2.80 |
| lan | 192.168.1.175 | Router Sistemas Pruebas | 5 | 2.34 |
| lan | 192.168.1.190 | 192.168.1.190 | 4 | 1.87 |
| lan | 192.168.1.146 | Natalia Tirado | 4 | 1.87 |

TOP10 Attack Rules (Total attack events: 214; table continues on page 8)

| Rule ID | Rule Name | Group | Events | % |
|---|---|---|---|---|
| 28556 | PROTOCOL-DNS DNS query amplification attempt | Server / Misc / DNS | 54 | 25.23 |
| 28039 | INDICATOR-COMPROMISE Suspicious .pw dns query | Server / Misc / DNS | 37 | 17.29 |
| 16482 | BROWSER-IE Microsoft Internet Explorer userdata behavior memory corruption attempt | Client / Browser | 20 | 9.35 |
| 19099 | BROWSER-WEBKIT Apple Safari CSS font format corruption attempt | Client / Browser | 17 | 7.94 |
| 19321 | BROWSER-FIREFOX Mozilla Products nsCSSValue Array Index Integer Overflow | Client / Browser | 12 | 5.61 |
| 24155 | FILE-PDF Adobe Acrobat Reader free text annotation invalid IT value denial of service attempt | Client / Multimedia | 11 | 5.14 |
| 19873 | BROWSER-IE Microsoft Internet Explorer CSS style memory corruption attempt | Client / Browser | 10 | 4.67 |
| 20812 | PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt | Malware | 9 | 4.21 |
| 22063 | SERVER-WEBAPP PHP-CGI remote file include attempt | Server / HTTP / PHP | 9 | 4.21 |
| 25460 | FILE-PDF Adobe Acrobat Reader incomplete JP2K image geometry - potentially malicious | Client / Multimedia | 7 | 3.27 |

Page 9

Application Control

Application Filtering

TOP10 Applications (Total Packets: 300 881)

| Application | Packets | % |
|---|---|---|
| Dropbox | 110 542 | 36.74 |
| Windows Update | 32 812 | 10.91 |
| Kaspersky | 32 430 | 10.78 |
| Facebook | 27 577 | 9.17 |
| Twitter | 22 710 | 7.55 |
| Bittorrent | 16 479 | 5.48 |
| AppNexus | 11 504 | 3.82 |
| Avast.com | 11 456 | 3.81 |
| Google Drive | 9 788 | 3.25 |
| Apple | 9 404 | 3.13 |

TOP10 Application Categories (Total packets: 300 881)

| Category | Packets | % |
|---|---|---|
| File Transfer | 193 218 | 64.22 |
| Social Networking | 50 475 | 16.78 |
| Web Services | 40 310 | 13.40 |
| Networking | 9 404 | 3.13 |
| Messaging | 3 881 | 1.29 |
| Streaming Media | 3 593 | 1.19 |

TOP10 Blocked Sources (Total packets: 300 881)

| Client IP | Client Hostname | Packets | % |
|---|---|---|---|
| 192.168.1.167 | user(Pelayo Salinas ) | 54 495 | 18.11 |
| 192.168.22.190 | Notebook Yukako | 23 224 | 7.72 |
| 192.168.1.191 | Piedad Lincango | 22 694 | 7.54 |
| 192.168.22.185 | Jose Feijoo Personal | 19 737 | 6.56 |
| 192.168.22.108 | Telefono Jesus | 19 202 | 6.38 |
| 192.168.1.144 | Tom Poulsom | 15 494 | 5.15 |
| 192.168.22.89 | Jeancarlos Bailon Compaq | 12 702 | 4.22 |
| 192.168.1.124 | Liza Diaz MAc | 12 668 | 4.21 |
| 192.168.22.34 | Gabriela Samaniego Toshiba | 12 604 | 4.19 |
| 192.168.22.189 | iphone yukako | 9 154 | 3.04 |

TOP10 Blocked Destinations (Total packets: 300 881)

| Server IP | Server Hostname | Packets | % |
|---|---|---|---|
| 173.252.73.52 | edge-star-shv-03-prn2.facebook.com | 13 079 | 4.35 |
| 108.160.166.61 | d-5b.sjc.dropbox.com | 10 238 | 3.40 |
| 108.160.167.148 | d-6b.v.dropbox.com | 9 887 | 3.29 |
| 108.160.165.253 | d-4a.v.dropbox.com | 9 866 | 3.28 |
| 108.160.166.189 | d-5a.sjc.dropbox.com | 9 778 | 3.25 |
| 108.160.162.53 | d-3a.v.dropbox.com | 8 876 | 2.95 |
| 108.160.165.189 | d-6a.sjc.dropbox.com | 8 522 | 2.83 |
| 23.32.203.163 | a23-32-203-163.deploy.static.akamaitechnologies.com | 7 829 | 2.60 |
| 199.16.158.9 | 199.16.158.9 | 5 655 | 1.88 |
| 199.16.158.73 | 199.16.158.73 | 4 674 | 1.55 |

Sophos UTM Copyright 2002-2014 Sophos Ltd. All rights reserved.