EventId.Net - Firewalls

FIREGEN FOR PIX 2.x FREQUENTLY ASKED QUESTIONS

     
 

 

 


 

1.

How to identify a port scan using FireGen for Pix 2.0

 

Check the "Denied connection" section. A list of denied known TCP/IP ports with "no xlate" as the reason is one of the footprints of a port scan. The IP address reported in that section should also be listed in the "Denied IP addresses" section, usually with a large number of denied connections. A "regular" port scan utility may try thousands of ports. The "Denied protocols" section may show a long list of known TCP/IP ports with one or more connections each (again with "no xlate" as the reason).
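The same footprint can be checked directly against raw firewall syslog. The following is an added example, not part of FireGen or the original FAQ; it assumes the log lines follow the PIX "Deny inbound (No xlate)" message layout, and the sample lines, the `find_scanners` name and the `min_ports` threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed layout: PIX "Deny inbound (No xlate)" syslog message (106011).
NO_XLATE = re.compile(
    r"Deny inbound \(No xlate\) (?P<proto>\w+) "
    r"src \w+:(?P<src>[\d.]+)/\d+ "
    r"dst \w+:(?P<dst>[\d.]+)/(?P<dport>\d+)"
)

def build_sample():
    """Constructed log lines: one source sweeping 40 ports, one noisy host."""
    prefix = "%PIX-3-106011: Deny inbound (No xlate) "
    lines = [
        prefix + "tcp src outside:203.0.113.7/40000 dst outside:192.0.2.10/%d" % p
        for p in range(20, 60)
    ]
    lines.append(prefix + "tcp src outside:198.51.100.4/51000 dst outside:192.0.2.10/80")
    lines.append(prefix + "udp src outside:198.51.100.4/51001 dst outside:192.0.2.10/53")
    # A permitted connection; it must not count towards the denied totals.
    lines.append("%PIX-6-302013: Built inbound TCP connection 1 for "
                 "outside:198.51.100.9/3000 (198.51.100.9/3000) "
                 "to inside:192.0.2.10/25 (192.0.2.10/25)")
    return lines

def find_scanners(lines, min_ports=20):
    """Return (source IP, denied count, distinct ports) for likely scanners.

    min_ports is a hypothetical threshold; tune it to your own traffic.
    """
    denied = defaultdict(int)   # source IP -> number of "no xlate" denies
    ports = defaultdict(set)    # source IP -> {(protocol, destination port)}
    for line in lines:
        m = NO_XLATE.search(line)
        if m is None:
            continue
        denied[m["src"]] += 1
        ports[m["src"]].add((m["proto"], int(m["dport"])))
    hits = [(ip, denied[ip], len(ports[ip]))
            for ip in ports if len(ports[ip]) >= min_ports]
    # Most distinct ports first: the broadest sweep is the strongest signal.
    return sorted(hits, key=lambda h: h[2], reverse=True)

if __name__ == "__main__":
    for ip, count, nports in find_scanners(build_sample()):
        print("%s: %d denied connections across %d ports" % (ip, count, nports))
```
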

   

2.

How can I identify if anyone is using FrontPage to access web sites?

 

Analyze the logs using "_vti_inf.html" in the "Include keywords" section. Make sure that the "Only report matching message" option is checked.

   

3.

How can I identify Web Outlook (OWA) users?

 

Analyze the logs using "/Inbox/" in the "Include keywords" section. Make sure that the "Only report matching message" option is checked.

   
   
   
   
   
   

 

 
 


 

 

 

 

EventID.Net © 2001-2008 Altair Technologies Ltd., All rights reserved