main street access
58 s second street
newark, ohio 43055
740.349.3550

Microsoft Small Business Specialist Certified Professional

-->

Firewall Dashboard Daily Report
Report Created on 19/02/2006 at 11:05 AM for 18/02/2006

Executive Dashboard

Connection Attempt Timeline

Protocol Usage

Protocol	Usage Count
tcp	900
udp	75
icmp:8:0	15
	1

SBS RWW Usage Timeline

Top Sources of Attack

Attack Source	# of Attacks	Additional Information
70.78.80.106	67	Country: Canada
70.78.123.52	56	Country: Canada
70.78.102.37	50	Country: Canada
70.78.80.106	32	Country: Canada
70.78.123.111	25	Country: Canada
70.78.94.73	20	Country: Canada
70.78.85.58	16	Country: Canada
70.78.123.111	15	Country: Canada
70.78.80.106	13	Country: Canada
70.78.123.111	11	Country: Canada

Top Sources of Connection

Source	# of Hits	Port	Additional Information
84.86.121.222	100	smtp (25)	Country: Netherlands
64.251.84.55	84	smtp (25)	Country: Canada
70.78.82.254	48	ntp (123)	Country: Canada
200.121.10.59	6	smtp (25)	Country: Peru
68.118.22.106	6	smtp (25)	Country: United States
70.78.82.253	6	https (443)	Country: Canada
222.255.121.136	4	smtp (25)	Country: Vietnam
200.216.70.146	4	smtp (25)	Country: Brazil
200.127.45.47	2	smtp (25)	Country: Argentina
219.140.232.45	2	smtp (25)	Country: China

Top Ports Attacked

Port	# of Attacks	Description
microsoft-ds (445)	219	Microsoft Domain Service, now called Common Internet File Sharing, used for SMB file and print sharing. Virtually all traffic to this port from foreign hosts should be considered hostile. This port should be firewalled in both directions to prevent attacks and information leakage.
rpc (135)	156	Microsoft Remote Procedure call, used for application procedure calls across the network. Virtually all traffic to this port from foreign hosts should be considered hostile. This port should be firewalled in both directions to prevent attacks and information leakage such as account names and passwords.
netbios-ssn (139)	150	NetBIOS Session Service, used by SMB file and print sharing. Virtually all traffic to this port from foreign hosts should be considered hostile. This port should be firewalled in both directions to prevent attacks.
netbios-ns (137)	19	NetBIOS Name service, used by SMB file and print sharing. Virtually all traffic to this port from foreign hosts should be considered hostile. This port should be firewalled in both directions to prevent attacks.
smtp (25)	11	This service is used to transfer email to servers from clients or other servers.
ms-sql-s (1433)	10	Server port for Microsoft SQL Server, used by clients to connect to and access database. Most traffic to this port from foreign hosts should be considered hostile.
ms-sql-m (1434)	6	Monitoring port for Microsoft SQL Server. Most traffic to this port from foreign hosts should be considered hostile.
Port 7212	6
ssh (22)	5	This service offers the secure shell (SSH) protocol. SSH scanning for default and weak user account and password combinations is extremely common on the Internet.
Port 1025	1	This service allows the Microsoft Task Scheduler to use RPC. Virtually all traffic to this port from foreign hosts should be considered hostile. This port should be firewalled in both directions to prevent attacks by trojans such as NetSpy and Fraggle Rock.

Top Services Used

Port	Connections	Description
smtp (25)	322	This service is used to transfer email to servers from clients or other servers.
ntp (123)	48	Network Time Protocol provides time synchronization for workstations and servers. Most traffic to this port from foreign hosts should be considered hostile.
https (443)	8	The HTTPS service offers web browser clients the ability to surf the world wide web (www) securely with SSL encryption.
dns (53)	2	The Domain Name Server (DNS) provides mappings of domain names such as www.scorpionsoft.com to IP addresses. A good percentage of incoming DNS traffic may be considered hostile, unless you are offering DNS services to the Internet.

Top Service Usage Timeline