
Executive Summary Report

Admin Domain: NICHQ


Sensor(s): All
Attack Severity: Informational,Low,Medium,High
Vulnerability Relevance: Relevant,Unknown,Not Applicable
Show only Blocked Attacks?: Yes
Alert State: All Alerts
Start Date: 2011-05-22 00:00:00 IST
End Date: 2011-05-22 23:59:59 IST
Report Generation Time: 2011-05-23 01:22:37 IST

Top N Blocked Attacks

# Attack Name Attack Count

1. IP: Packet has Invalid Address Source/Destination Address 8834613

2. DNP3: Invalid DNP3 Flow 315780

3. UDS-China Dest 8171

4. BOT: Botnet Mariposa UDP Probe Packet Detected 6591


5. P2P: Octoshape Traffic detected 5611

6. P2P: TeamViewer Traffic Detected 5397

7. IRC: IRC Client Activity Detected 2955

8. P2P: BitTorrent Meta-Info Retrieving 2268

9. IM: MSN (.NET) Messenger Alive 1335

10. P2P: STUN based NAT Traversal Detected 1174

11. UDS-HTTP-SQL-Injection-Shutdown 943

12. IM: Gmail Chat Traffic Detected 916

13. HTTP: Invalid Flow Detected 640

14. DNS: Invalid DNS Flow 531

15. ICMP: Nachi Worm Host Sweep 302

16. P2P: LogMeIn Traffic Detected 187

17. P2P: Torrent uTP BEP-29 Traffic Detected 121

18. KERBEROS: Non-Kerberos Traffic Detected 104

19. IM: Yahoo Messenger Alive 98

20. IM: Google Talk Traffic Detected 72


Attack Count Per Sensor

# Sensor Alert Count Attack Count Blocked Attack Count

1. NDC-PUNE 7749 3485292 3485292

2. NICHQ4010-3 9251 1824138 1824138

3. NICHQ4010-1 9786 1450649 1450649

4. NICHQ4010-2 7441 1447764 1447764

5. NICHQ4010-4 4379 918566 918566

6. aaa 1432 16698 16698

7. up-ips 8045 8045 8045

8. KER-IPS 6089 6089 6089

9. NB-IPS 5737 5737 5737

10. HRY-IPS 3885 3885 3885

11. AP-IPS 3404 3404 3404

12. TN-IPS 2926 2926 2926

13. RAJ-IPS 2212 2212 2212

14. CG-IPS 1431 1431 1431

15. SIK-IPS 1431 1431 1431

16. KAR-IPS 1429 1429 1429

17. JHA-IPS 1222 1222 1222

18. DL-IPS 1133 1138 1138

19. Jammu-IPS 696 696 696

20. ASM-IPS 663 663 663

21. ORI-IPS 656 656 656

22. MAH-IPS 604 604 604

23. LOKNAYAK-IPS 581 581 581

24. GUJ-IPS 394 394 394

25. MES-IPS 394 394 394

26. BLOCK14-IPS 309 375 375

27. PAR-IPS 350 350 350

28. MANIPUR-IPS 303 303 303

29. MP-IPS 247 247 247

30. NIRMAN-IPS 115 191 191

31. DRMES-IPS 148 148 148

32. WB-IPS 108 108 108

33. UA-IPS 107 107 107

34. SHRAM-IPS 52 52 52

35. AND-IPS 51 51 51

36. PON-IPS 43 43 43

37. TRP-IPS 38 38 38

38. CHD-IPS 33 33 33

39. DR-IPS2 27 27 27

40. HP-IPS 24 24 24

41. BIH-IPS 10 10 10

42. GOA-IPS 8 8 8

43. SARDAR-IPS 5 7 7

44. UB-IPS 6 6 6

45. TECH-IPS 5 5 5

46. DIT-IPS 4 5 5

47. MEA-IPS 4 4 4

48. PMO-IPS 3 3 3

49. MEG-IPS 2 2 2

50. YOJNA-IPS 1 1 1

51. MIZ-IPS 0 0 0

52. JAISALMER-IPS 0 0 0

53. DR-IPS1 0 0 0

54. CABSEC-IPS 0 0 0

55. NICCA 0 0 0

56. NDC-HYD 0 0 0

57. AKBAR-IPS 0 0 0

58. RB-IPS 0 0 0

59. DR-NICCA 0 0 0

60. TRANSPORT-IPS 0 0 0

61. ARN-IPS 0 0 0

62. PARYAVARAN-IPS 0 0 0

63. KRISHI-IPS 0 0 0

64. PUN-IPS 0 0 0
Attack Count Per Severity

# Severity Attack Count

1. High 1041

2. Medium 25433

3. Low 324589

4. Informational 8837129
Attack Count Per Category

# Category Attack Count

1. Exploit 8844540

2. Policy Violation 336724

3. Malware 6626

4. Reconnaissance Attacks 302

Attacks Count Per Sub-Category

# Sub-Category Category Attack Count

1. protocol-violation Exploit 8835259

2. non-standard-port Policy Violation 315781

3. restricted-application Policy Violation 19091

4. unassigned Exploit 9151

5. bot Malware 6626

6. audit Policy Violation 1852

7. host-sweep Reconnaissance Attacks 302

8. worm Exploit 49

9. dos Exploit 32

10. buffer-overflow Exploit 26

11. read-exposure Exploit 21


12. probe Exploit 2

Top N Source IP

# Source IP Address Attack Count

1. * 9116180

2. 164.100.10.18 18020

3. 0.0.0.0 13206

4. 10.162.27.237 5666

5. 10.135.28.51 3613

6. 10.89.182.75 2584

7. 10.135.24.133 1601

8. 10.134.209.14 1157

9. 10.132.80.113 1024

10. 10.128.83.50 938

11. 10.170.105.49 930

12. 10.182.2.23 891

13. 164.100.17.3 719

14. 10.177.2.6 652

15. 10.23.150.87 575

16. 10.135.2.252 575

17. 10.136.105.26 567

18. 10.160.153.106 526

19. 10.130.14.155 526

20. 10.149.14.245 524

Top N Destination IP

# Destination IP Address Attack Count

1. * 9116482

2. 164.100.9.3 19023

3. 123.183.217.32 6355

4. 0.0.0.0 5725

5. 77.79.6.83 2171

6. 60.190.223.125 1816

7. 59.63.157.62 1810

8. 62.75.246.130 1489

9. 85.214.154.223 1468

10. 164.100.9.0 1440

11. 164.100.17.0 1440

12. 164.100.51.0 1440


13. 72.26.198.222 1380

14. 91.212.135.184 1223

15. 10.145.0.253 1035

16. 67.215.242.138 952

17. 46.182.105.212 938

18. 67.215.242.139 886

19. 209.85.231.100 763

20. 164.100.52.0 720
