
[Full-Disclosure] could use some help with this logging

I was hoping someone could kinda help me. I have some reporting from our
firewall that produces the following output. I have to analyze this traffic,
but I have to confess that I cannot make out if this traffic is malicious
or not, or what it is, except for the obvious port 80 and port 443.
I hope someone could give me some hints about the traffic.
Regards, Peter

From source address: [145.x.x.x] (339970 hits to 751 Destinations) 

*       Destination: [] (10066 hits to 11 ports) 

*       30816 (1020) 
*       32800 (1020) 
*       34840 (695) 
*       36896 (647) 
*       443 (1480) 
*       46992 (1033) 
*       47488 (702) 
*       51040 (696) 
*       51536 (1286) 
*       80 (1480) 

*       Destination: [] (4721 hits to 6 ports) 

*       11656 (1708) 
*       15768 (1345) 
*       17824 (689) 
*       443 (486) 
*       80 (486) 

*       Destination: herning.hostero.pil.dk [] (3936 hits to 6 ports)

*       23400 (689) 
*       32488 (689) 
*       443 (429) 
*       58672 (1376) 
*       80 (429) 
*       9736 (324) 

*       Destination: host-103-142-230-24.midco.net [] (1937 hits to 3 ports)

*       443 (115) 
*       54576 (1707) 
*       80 (115) 

*       Destination: dhcp085150.res-hall.northwestern.edu [] (1805 hits to 3 ports)

*       36865 (1315) 
*       443 (245) 
*       80 (245) 

*       Destination: bzq-82-81-199-233.cablep.bezeqint.net [] (1753 hits to 3 ports)

*       27447 (1225) 
*       443 (264) 
*       80 (264) 

*       Destination: host243-217.eksjo.com [] (1732 hits to 3 ports)

*       443 (181) 
*       52238 (1370) 
*       80 (181) 

*       Destination: syr-69-201-1-3.twcny.rr.com [] (1727 hits to 3 ports)

*       17067 (1379) 
*       443 (174) 
*       80 (174) 

*       Destination: [] (1712 hits to 3 ports) 

*       443 (188) 
*       49307 (1336) 
*       80 (188) 

*       Destination: studentcnsat.ncl.ac.uk [] (1712 hits to 3 ports)

*       39793 (1376) 
*       443 (168) 
*       80 (168) 

*       Destination: sm-pc314.sm.luth.se [] (1705 hits to 3 ports)

*       443 (163) 
*       51563 (1379) 
*       80 (163) 

*       Destination: 68-185-51-218.wa.charter.com [] (1699 hits to 3 ports)

*       29253 (1356) 
*       443 (172) 
*       80 (171) 

*       Destination: henz214-dharnisch-dellpc2.unl.edu [] (1679 hits to 3 ports)

*       44286 (1373) 
*       443 (153) 
*       80 (153) 

*       Destination: ip68-13-164-36.om.om.cox.net [] (1677 hits to 3 ports)

*       13699 (1361) 
*       443 (158) 
*       80 (158) 

*       Destination: 3E6B1B51.rev.stofanet.dk [] (1669 hits to 3 ports)

*       443 (155) 
*       5472 (1359) 
*       80 (155) 

*       Destination: YahooBB220006060057.bbtec.net [] (1659 hits to 3 ports)

*       443 (148) 
*       44753 (1363) 
*       80 (148) 

*       Destination: c-495070d5.027-317-73746f7.cust.bredbandsbolaget.se [] (1658 hits to 3 ports)

*       33435 (1374) 
*       443 (142) 
*       80 (142) 

*       Destination: errorek.sh.cvut.cz [] (1647 hits to 3 ports)

*       13972 (1375) 
*       443 (136) 
*       80 (136) 

*       Destination: 82-35-52-107.cable.ubr03.camd.blueyonder.co.uk [] (1635 hits to 3 ports)

*       443 (257) 
*       64553 (1121) 
*       80 (257) 

*       Destination: c-24-125-75-142.va.client2.attbi.com [] (1617 hits to 3 ports)

*       443 (127) 
*       52838 (1363) 
*       80 (127) 

*       Destination: YahooBB220026145016.bbtec.net [] (1616 hits to 3 ports)

*       15850 (1300) 
*       443 (158) 
*       80 (158) 

*       Destination: ip-56.59.home-lan.fastnet.lv [] (1584 hits to 3 ports)

*       31202 (1242) 
*       443 (171) 
*       80 (171) 

*       Destination: 24-205-105-48.rno-cres.charterpipeline.net [] (1562 hits to 3 ports)

*       443 (271) 
*       55645 (1020) 
*       80 (271) 

*       Destination: rs-64-246-49-61.ev1.net [] (1535 hits to 3 ports)

*       443 (261) 
*       7856 (1013) 
*       80 (261) 

*       Destination: modemcable128.159-203-24.mc.videotron.ca [] (1528 hits to 3 ports)

*       443 (76) 
*       59950 (1376) 
*       80 (76) 

*       Destination: [] (1525 hits to 3 ports) 

*       34489 (1027) 
*       443 (249) 
*       80 (249) 

From source address: [145.x.x.x] (236377 hits to 324 Destinations) 

*       Destination: rs-64-246-49-61.ev1.net [] (5936 hits to 7 ports)

*       11912 (788) 
*       17944 (788) 
*       20480 (788) 
*       3760 (788) 
*       443 (998) 
*       7856 (788) 
*       80 (998) 

*       Destination: [] (5858 hits to 7 ports) 

*       15432 (788) 
*       20480 (789) 
*       34840 (788) 
*       36896 (789) 
*       443 (958) 
*       44968 (788) 
*       80 (958) 

*       Destination: herning.hostero.pil.dk [] (4664 hits to 6 ports)

*       15776 (788) 
*       443 (756) 
*       63680 (788) 
*       7784 (788) 
*       80 (756) 
*       9736 (788) 

*       Destination: pk47st119.uio.no [] (1246 hits to 3 ports)

*       3367 (788) 
*       443 (229) 
*       80 (229) 

*       Destination: [] (1234 hits to 3 ports) 

*       3661 (788) 
*       443 (223) 
*       80 (223) 

*       Destination: c213-100-56-238.swipnet.se [] (1230 hits to 3 ports)

*       443 (221) 
*       46934 (788) 
*       80 (221) 

*       Destination: rliex01.studbost.vxu.se [] (1228 hits to 3 ports)

*       443 (220) 
*       44378 (788) 
*       80 (220) 

*       Destination: i222-150-141-238.s05.a008.ap.plala.or.jp [] (1226 hits to 3 ports)

*       443 (219) 
*       44764 (788) 
*       80 (219) 

*       Destination: catv-d5de8038.catv.broadband.hu [] (1224 hits to 3 ports)

*       443 (218) 
*       80 (218) 
*       8014 (788) 

*       Destination: [] (1221 hits to 3 ports) 

*       443 (216) 
*       45805 (789) 
*       80 (216) 

*       Destination: cablep-179-105-241.cablep.bezeqint.net [] (1220 hits to 3 ports)

*       443 (216) 
*       61365 (788) 
*       80 (216) 

*       Destination: sr-145.srtb05.resnet.ubc.ca [] (1220 hits to 3 ports)

*       443 (216) 
*       55964 (788) 
*       80 (216) 

*       Destination: [] (1220 hits to 3 ports) 

*       14457 (788) 
*       443 (216) 
*       80 (216) 

*       Destination: c-208672d5.02-66-73746f42.cust.bredbandsbolaget.se [] (1219 hits to 3 ports)

*       443 (215) 
*       54259 (789) 
*       80 (215) 

*       Destination: rdu162-239-101.nc.rr.com [] (1219 hits to 3 ports)

*       443 (215) 
*       80 (215) 
*       9014 (789) 

*       Destination: [] (1217 hits to 3 ports) 

*       14657 (789) 
*       443 (214) 
*       80 (214) 

*       Destination: [] (1217 hits to 3 ports) 

*       443 (214) 
*       48383 (789) 
*       80 (214) 

*       Destination: drzhangpc.cs.wright.edu [] (1216 hits to 3 ports)

*       24071 (788) 
*       443 (214) 
*       80 (214) 

*       Destination: d5153A343.kabel.telenet.be [] (1215 hits to 3 ports)

*       36119 (789) 
*       443 (213) 
*       80 (213) 

*       Destination: gislab4.csie.thu.edu.tw [] (1214 hits to 3 ports)

*       443 (213) 
*       57818 (788) 
*       80 (213) 

*       Destination: cs2426239-108.satx.rr.com [] (1212 hits to 3 ports)

*       36519 (788) 
*       443 (212) 
*       80 (212) 

*       Destination: bzq-218-158-130.cablep.bezeqint.net [] (1210 hits to 3 ports)

*       443 (211) 
*       80 (211) 
*       8303 (788) 

*       Destination: orff.wiwi.uni-rostock.de [] (1210 hits to 3 ports)

*       443 (211) 
*       58252 (788) 
*       80 (211) 

*       Destination: c906156e.virtua.com.br [] (1210 hits to 3 ports)

*       443 (211) 
*       6557 (788) 
*       80 (211) 

*       Destination: pc-202-169-152-251.cable.kumin.ne.jp [] (1210 hits to 3 ports)

*       443 (211) 
*       64700 (788) 
*       80 (211) 

*       Destination: CPE-65-30-247-82.mn.rr.com [] (1209 hits to 3 ports)

*       10791 (789) 
*       443 (210) 
*       80 (210)
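As an added example that is not part of Peter's post or the list thread, here is a small Python parser for this report layout: it keys each destination's hit counts by port and flags the entries where a single non-80/443 port carries more hits than the two web ports combined, the shape most entries in the report share. The sample report embedded in it is constructed in the same layout with made-up hostnames and counts.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the report quoted in the post; hostnames
# and counts are made up, and "[]" is the blanked-out IP as in the original.
SAMPLE = """\
From source address: [145.x.x.x] (3462 hits to 2 Destinations)

*       Destination: host-a.example.net [] (1937 hits to 3 ports)

*       443 (115)
*       54576 (1707)
*       80 (115)

*       Destination: [] (1525 hits to 3 ports)

*       34489 (1027)
*       443 (249)
*       80 (249)
"""

SRC_RE = re.compile(r"From source address:\s*\[(?P<src>[^\]]*)\]")
DST_RE = re.compile(r"Destination:\s*(?P<host>\S*)\s*\[(?P<ip>[^\]]*)\]")
PORT_RE = re.compile(r"^\*\s+(?P<port>\d+)\s+\((?P<hits>\d+)\)$")

def parse_report(text):
    """Return {source: {destination: {port: hits}}} from report text."""
    report, src, dst = defaultdict(dict), None, None
    for line in (l.strip() for l in text.splitlines()):
        if m := SRC_RE.search(line):
            src, dst = m.group("src"), None
        elif m := DST_RE.search(line):
            # Key by hostname; fall back to the IP field when no name is given.
            dst = m.group("host") or f"[{m.group('ip')}]"
            report[src][dst] = {}
        elif (m := PORT_RE.match(line)) and src and dst:
            report[src][dst][int(m.group("port"))] = int(m.group("hits"))
    return dict(report)

def dominant_extra_ports(report, web_ports=(80, 443)):
    """Destinations where one non-web port carries more hits than 80 and 443
    combined (the shape of most entries in the post): (src, dst, port, extra, web)."""
    flagged = []
    for src, dsts in report.items():
        for dst, ports in dsts.items():
            web = sum(h for p, h in ports.items() if p in web_ports)
            extra = [(p, h) for p, h in ports.items() if p not in web_ports]
            if len(extra) == 1 and extra[0][1] > web:
                flagged.append((src, dst, extra[0][0], extra[0][1], web))
    return flagged
```

Feeding the real report text to `parse_report` and grouping the flagged rows by source makes it easy to see that the web-port counts per destination are equal while the extra port differs per host, which is the first thing to check against the firewall's own session records.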