Intrusion attacks

2023-08-04 00:00:00 - 2023-09-04 23:59:59

Appliance:
XG230

Appliance key:
C240777QDBVJQE5

Firmware version:
SFOS 19.5.1 MR-1-Build278

Filter(s) applied while generating this report:


None

Server time : Mon Sep 04 12:36:57 IST 2023


Reports:

1.Attack categories
2.Attacked platforms
3.Attack targets
4.Severity-wise attacks
5.Intrusion attacks
6.Attacks detected and allowed
7.Intrusion source
8.Intrusion destination
9.Users
10.Applications used for attacks
11.Lateral movement detection
12.Source countries
13.Trend - intrusion attacks


1.Attack categories
CATEGORY HITS

scan 227

server-webapp 112

malware-cnc 86

server-apache 1


2.Attacked platforms
PLATFORM HITS

BSD,Linux,Mac,Other,Solaris,Unix,Windows 324

Other 68

BSD,Linux,Other,Solaris,Unix,Windows 12

Linux,Other,Solaris,Unix,Windows 12

Windows 8

Linux 1

Linux,Mac,Other,Unix,Windows 1


3.Attack targets
TARGET HITS

Server 418

Client 8


4.Severity-wise attacks
SEVERITY HITS

Moderate 228

Critical 195

Major 3


5.Intrusion attacks
ATTACK HITS

SCAN Zgrab Scanning Attempt Detected 201

MALWARE-CNC User-Agent known malicious user-agent string - Mirai 42

SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt 41

MALWARE-CNC Mirai Botnet Attack Attempt 33

SERVER-WEBAPP Zyxel unauthenticated IKEv2 CVE-2023-28771 Command Injection Attempt 25

SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 CVE-2018-20062 Remote Code Execution 24

SCAN Nmap Scanner Detected 18

SERVER-WEBAPP Generic XXE Detetction 16

SCAN Masscan Scanner Detected 8

MALWARE-CNC Win.Trojan.ZeroAccess outbound connection 4

MALWARE-CNC Win.Trojan.ZeroAccess inbound connection 4

MALWARE-CNC Win.Trojan.AveMaria variant outbound connection 3

SERVER-WEBAPP Apache Log4j logging remote code execution attempt 3

SERVER-WEBAPP Netgear DGN1000 series routers authentication bypass attempt 2

SERVER-APACHE Apache Tomcat allowLinking URIencoding directory traversal attempt 1

SERVER-WEBAPP Worm.Linux.CVE-2020-8515 Tsunamihoaxbot.A 1


6.Attacks detected and allowed
ATTACK HITS

No record found


7.Intrusion source
ATTACKER HITS


8.Intrusion destination
VICTIM HITS

209.100.101.118 358

209.100.101.34 67

142.250.192.19 1


9.Users
USER HITS

Unidentified 425

209.100.101.94 1


10.Applications used for attacks
APPLICATION/PROTO:PORT HITS

HTTP 336

TCP:8000 54

UDP:500 25

UDP:16464 8

TCP:554 3


11.Lateral movement detection
ATTACKER SOURCE IP | VICTIM DESTINATION IP | SEVERITY | SIGNATURE ID | SIGNATURE NAME | ACTION | LOGIN USER | PROCESS USER | EXECUTABLE | ATTACK LAST SEEN | HITS

No record found


12.Source countries
SOURCE COUNTRY HITS

United States 137

China 56

Netherlands 40

India 33

Egypt 26

Germany 24

Poland 22

Singapore 21

Australia 18

Russia 16

United Kingdom 12

Romania 4

Vietnam 4

South Korea 2

Colombia 2

Moldova 2

Switzerland 2

Georgia 2

Luxembourg 1

Thailand 1

French Southern Territories 1


13.Trend - intrusion attacks
TIME EVENT TYPE EVENT

2023-08-04 00:00:00 IPS Attack 3

2023-08-04 04:00:00 IPS Attack 2

2023-08-04 08:00:00 IPS Attack 1

2023-08-04 12:00:00 IPS Attack 2

2023-08-04 16:00:00 IPS Attack 4

2023-08-04 20:00:00 IPS Attack 3

2023-08-05 00:00:00 IPS Attack 3

2023-08-05 04:00:00 IPS Attack 2

2023-08-05 08:00:00 IPS Attack 3

2023-08-05 12:00:00 IPS Attack 1

2023-08-05 16:00:00 IPS Attack 0

2023-08-05 20:00:00 IPS Attack 2

2023-08-06 00:00:00 IPS Attack 2

2023-08-06 04:00:00 IPS Attack 1

2023-08-06 08:00:00 IPS Attack 0

2023-08-06 12:00:00 IPS Attack 9

2023-08-06 16:00:00 IPS Attack 0

2023-08-06 20:00:00 IPS Attack 2

2023-08-07 00:00:00 IPS Attack 3

2023-08-07 04:00:00 IPS Attack 0

2023-08-07 08:00:00 IPS Attack 1

2023-08-07 12:00:00 IPS Attack 2

2023-08-07 16:00:00 IPS Attack 1

2023-08-07 20:00:00 IPS Attack 0

2023-08-08 00:00:00 IPS Attack 11

2023-08-08 04:00:00 IPS Attack 4

2023-08-08 08:00:00 IPS Attack 3

2023-08-08 12:00:00 IPS Attack 6

2023-08-08 16:00:00 IPS Attack 2

2023-08-08 20:00:00 IPS Attack 5

2023-08-09 00:00:00 IPS Attack 2

2023-08-09 04:00:00 IPS Attack 4

2023-08-09 08:00:00 IPS Attack 1

2023-08-09 12:00:00 IPS Attack 8

2023-08-09 16:00:00 IPS Attack 1

2023-08-09 20:00:00 IPS Attack 1

2023-08-10 00:00:00 IPS Attack 3

2023-08-10 04:00:00 IPS Attack 2

2023-08-10 08:00:00 IPS Attack 0

2023-08-10 12:00:00 IPS Attack 1

2023-08-10 16:00:00 IPS Attack 6

2023-08-10 20:00:00 IPS Attack 3

2023-08-11 00:00:00 IPS Attack 1

2023-08-11 04:00:00 IPS Attack 1

2023-08-11 08:00:00 IPS Attack 5

2023-08-11 12:00:00 IPS Attack 0

2023-08-11 16:00:00 IPS Attack 2

2023-08-11 20:00:00 IPS Attack 17

2023-08-12 00:00:00 IPS Attack 4

2023-08-12 04:00:00 IPS Attack 0

2023-08-12 08:00:00 IPS Attack 1

2023-08-12 12:00:00 IPS Attack 4

2023-08-12 16:00:00 IPS Attack 0

2023-08-12 20:00:00 IPS Attack 1

2023-08-13 00:00:00 IPS Attack 5

2023-08-13 04:00:00 IPS Attack 4

2023-08-13 08:00:00 IPS Attack 0

2023-08-13 12:00:00 IPS Attack 1

2023-08-13 16:00:00 IPS Attack 6

2023-08-13 20:00:00 IPS Attack 1

2023-08-14 00:00:00 IPS Attack 2

2023-08-14 04:00:00 IPS Attack 7

2023-08-14 08:00:00 IPS Attack 2

2023-08-14 12:00:00 IPS Attack 3

2023-08-14 16:00:00 IPS Attack 5

2023-08-14 20:00:00 IPS Attack 0

2023-08-15 00:00:00 IPS Attack 2

2023-08-15 04:00:00 IPS Attack 3

2023-08-15 08:00:00 IPS Attack 2

2023-08-15 12:00:00 IPS Attack 2

2023-08-15 16:00:00 IPS Attack 3

2023-08-15 20:00:00 IPS Attack 4

2023-08-16 00:00:00 IPS Attack 5

2023-08-16 04:00:00 IPS Attack 2

2023-08-16 08:00:00 IPS Attack 3

2023-08-16 12:00:00 IPS Attack 4

2023-08-16 16:00:00 IPS Attack 3

2023-08-16 20:00:00 IPS Attack 1

2023-08-17 00:00:00 IPS Attack 1

2023-08-17 04:00:00 IPS Attack 12

2023-08-17 08:00:00 IPS Attack 3

2023-08-17 12:00:00 IPS Attack 3

2023-08-17 16:00:00 IPS Attack 3

2023-08-17 20:00:00 IPS Attack 4

2023-08-18 00:00:00 IPS Attack 1

2023-08-18 04:00:00 IPS Attack 1

2023-08-18 08:00:00 IPS Attack 3

2023-08-18 12:00:00 IPS Attack 1

2023-08-18 16:00:00 IPS Attack 1

2023-08-18 20:00:00 IPS Attack 5

2023-08-19 00:00:00 IPS Attack 5

2023-08-19 04:00:00 IPS Attack 7

2023-08-19 08:00:00 IPS Attack 4

2023-08-19 12:00:00 IPS Attack 9

2023-08-19 16:00:00 IPS Attack 1

2023-08-19 20:00:00 IPS Attack 0

2023-08-20 00:00:00 IPS Attack 3

2023-08-20 04:00:00 IPS Attack 8

2023-08-20 08:00:00 IPS Attack 1

2023-08-20 12:00:00 IPS Attack 1

2023-08-20 16:00:00 IPS Attack 4

2023-08-20 20:00:00 IPS Attack 2

2023-08-21 00:00:00 IPS Attack 2

2023-08-21 04:00:00 IPS Attack 3

2023-08-21 08:00:00 IPS Attack 4

2023-08-21 12:00:00 IPS Attack 5

2023-08-21 16:00:00 IPS Attack 2

2023-08-21 20:00:00 IPS Attack 1

2023-08-22 00:00:00 IPS Attack 1

2023-08-22 04:00:00 IPS Attack 4

2023-08-22 08:00:00 IPS Attack 3

2023-08-22 12:00:00 IPS Attack 0

2023-08-22 16:00:00 IPS Attack 3

2023-08-22 20:00:00 IPS Attack 11

2023-08-23 00:00:00 IPS Attack 2

2023-08-23 04:00:00 IPS Attack 2

2023-08-23 08:00:00 IPS Attack 0

2023-08-23 12:00:00 IPS Attack 0

2023-08-23 16:00:00 IPS Attack 0

2023-08-23 20:00:00 IPS Attack 2

2023-08-24 00:00:00 IPS Attack 1

2023-08-24 04:00:00 IPS Attack 1

2023-08-24 08:00:00 IPS Attack 9

2023-08-24 12:00:00 IPS Attack 1

2023-08-24 16:00:00 IPS Attack 2

2023-08-24 20:00:00 IPS Attack 0

2023-08-25 00:00:00 IPS Attack 2

2023-08-25 04:00:00 IPS Attack 0

2023-08-25 08:00:00 IPS Attack 8

2023-08-25 12:00:00 IPS Attack 7

2023-08-25 16:00:00 IPS Attack 1

2023-08-25 20:00:00 IPS Attack 4

2023-08-26 00:00:00 IPS Attack 0

2023-08-26 04:00:00 IPS Attack 1

2023-08-26 08:00:00 IPS Attack 0

2023-08-26 12:00:00 IPS Attack 1

2023-08-26 16:00:00 IPS Attack 1

2023-08-26 20:00:00 IPS Attack 1

2023-08-27 00:00:00 IPS Attack 3

2023-08-27 04:00:00 IPS Attack 0

2023-08-27 08:00:00 IPS Attack 0

2023-08-27 12:00:00 IPS Attack 0

2023-08-27 16:00:00 IPS Attack 0

2023-08-27 20:00:00 IPS Attack 0

2023-08-28 00:00:00 IPS Attack 6

2023-08-28 04:00:00 IPS Attack 0

2023-08-28 08:00:00 IPS Attack 0

2023-08-28 12:00:00 IPS Attack 0

2023-08-28 16:00:00 IPS Attack 0

2023-08-28 20:00:00 IPS Attack 4

2023-08-29 00:00:00 IPS Attack 1

2023-08-29 04:00:00 IPS Attack 1

2023-08-29 08:00:00 IPS Attack 0

2023-08-29 12:00:00 IPS Attack 0

2023-08-29 16:00:00 IPS Attack 0

2023-08-29 20:00:00 IPS Attack 0

2023-08-30 00:00:00 IPS Attack 0

2023-08-30 04:00:00 IPS Attack 0

2023-08-30 08:00:00 IPS Attack 0

2023-08-30 12:00:00 IPS Attack 0

2023-08-30 16:00:00 IPS Attack 0

2023-08-30 20:00:00 IPS Attack 0

2023-08-31 00:00:00 IPS Attack 0

2023-08-31 04:00:00 IPS Attack 0

2023-08-31 08:00:00 IPS Attack 0

2023-08-31 12:00:00 IPS Attack 0

2023-08-31 16:00:00 IPS Attack 0

2023-08-31 20:00:00 IPS Attack 0

2023-09-01 00:00:00 IPS Attack 1

2023-09-01 04:00:00 IPS Attack 1

2023-09-01 08:00:00 IPS Attack 1

2023-09-01 12:00:00 IPS Attack 1

2023-09-01 16:00:00 IPS Attack 1

2023-09-01 20:00:00 IPS Attack 2

2023-09-02 00:00:00 IPS Attack 1

2023-09-02 04:00:00 IPS Attack 0

2023-09-02 08:00:00 IPS Attack 0

2023-09-02 12:00:00 IPS Attack 2

2023-09-02 16:00:00 IPS Attack 0

2023-09-02 20:00:00 IPS Attack 2

2023-09-03 00:00:00 IPS Attack 2

2023-09-03 04:00:00 IPS Attack 1

2023-09-03 08:00:00 IPS Attack 3

2023-09-03 12:00:00 IPS Attack 2

2023-09-03 16:00:00 IPS Attack 2

2023-09-03 20:00:00 IPS Attack 2

2023-09-04 00:00:00 IPS Attack 1

2023-09-04 04:00:00 IPS Attack 1

2023-09-04 08:00:00 IPS Attack 1

2023-09-04 12:00:00 IPS Attack 0
