MNW & Shaw Secure - "*.log" format
Available news archives: comp.lang.tcl - comp.lang.python - comp.security.firewalls - sci.crypt - comp.lang.php - comp.lang.javascript
Google
 
Web news.hping.org


comp.security.firewalls archive

MNW & Shaw Secure - "*.log" format

From: 'ole <ole-is-not@home.com>
Date: Thu Aug 11 2005 - 03:38:59 CEST




-- 1. I have not succesfully to date been able to get "My Net Watchman"


(MNW) to properly process the "SHAW Secure" .log files [which pull right


into notepad] ?



2.  See any intrusion activity: ???



2005-08-05T15:55:28-07:00,info,appl


control,unknown,allow,receive,17,64.59.184.13,0


2005-08-05T15:55:28-07:00,info,dynamic


rule,added,0.0.0.0,255.255.255.255,0,65535,445,445,allow


2005-08-05T15:55:24-07:00,info,appl control,C:\Program Files\Shaw


Secure\backweb\3875767\Program\fspex.exe,deny,listen,17,0.0.0.0,9370


2005-08-05T15:55:24-07:00,info,appl


control,services.exe,deny,send,17,68.150.171.255,138


2005-08-05T15:55:25-07:00,info,appl


control,C:\WINNT\system32\services.exe,deny,listen,17,0.0.0.0,0


2005-08-05T15:55:25-07:00,info,appl


control,services.exe,deny,send,17,64.59.184.13,53


2005-08-05T15:55:25-07:00,info,appl


control,services.exe,deny,send,17,64.59.184.13,53


2005-08-05T15:55:26-07:00,info,appl


control,System,allow,send,17,68.150.171.255,138


2005-08-05T15:55:26-07:00,info,appl


control,services.exe,deny,send,17,64.59.184.15,53


2005-08-05T15:55:26-07:00,info,appl


control,services.exe,deny,send,17,64.59.184.15,53


2005-08-05T15:55:28-07:00,info,dynamic


rule,added,0.0.0.0,255.255.255.255,0,65535,445,445,allow


2005-08-05T15:55:28-07:00,info,dynamic


rule,added,0.0.0.0,255.255.255.255,0,65535,135,135,allow


2005-08-05T15:55:28-07:00,success,general,daemon,Firewall Daemon service


started.


2005-08-05T15:55:31-07:00,info,dynamic


rule,added,0.0.0.0,255.255.255.255,0,65535,58581,58581,allow


2005-08-05T15:55:31-07:00,info,appl


control,C:\WINNT\system32\services.exe,allow,send,17,64.59.184.15,53


2005-08-05T15:55:31-07:00,info,appl


control,unknown,allow,send,17,68.150.171.255,138


2005-08-05T15:55:31-07:00,info,appl


control,C:\WINNT\system32\services.exe,allow,receive,17,68.150.170.45,138


2005-08-05T15:55:31-07:00,info,appl


control,C:\WINNT\system32\lsass.exe,allow,listen,17,68.150.170.45,500


2005-08-05T15:55:31-07:00,info,dynamic


rule,added,0.0.0.0,255.255.255.255,0,65535,500,500,allow


2005-08-05T15:55:31-07:00,info,appl


control,C:\WINNT\system32\lsass.exe,allow,listen,17,68.150.170.45,4500


2005-08-05T15:55:31-07:00,info,dynamic


rule,added,0.0.0.0,255.255.255.255,0,65535,4500,4500,allow


2005-08-05T15:55:33-07:00,info,appl


control,C:\WINNT\system32\services.exe,allow,send,17,64.59.184.13,53


2005-08-05T15:55:36-07:00,info,appl


control,C:\WINNT\system32\services.exe,allow,send,17,68.150.171.255,137


2005-08-05T15:55:36-07:00,info,appl


control,C:\WINNT\system32\services.exe,allow,receive,17,68.150.170.45,137


2005-08-05T15:55:37-07:00,info,appl


control,,allow,send,17,68.150.171.255,137


2005-08-05T15:55:38-07:00,info,appl


control,,allow,send,17,68.150.171.255,137


2005-08-05T15:55:39-07:00,info,appl


control,,allow,send,17,68.150.171.255,137


2005-08-05T15:55:39-07:00,info,appl control,unknown,allow,connect


out,0,0.0.0.0,0


2005-08-05T15:55:39-07:00,info,dynamic


rule,added,0.0.0.0,255.255.255.255,0,65535,12032,12032,allow


2005-08-05T15:55:40-07:00,info,appl


control,,allow,send,17,68.150.171.255,137


2005-08-05T15:55:41-07:00,info,appl


control,,allow,send,17,68.150.171.255,137


2005-08-05T15:55:42-07:00,info,appl


control,,allow,send,17,68.150.171.255,137


2005-08-05T15:55:42-07:00,info,appl


control,C:\WINNT\system32\services.exe,allow,send,17,68.150.171.255,138


2005-08-05T15:55:42-07:00,info,appl


control,C:\WINNT\system32\services.exe,allow,receive,17,68.150.170.45,138


2005-08-05T15:55:43-07:00,info,appl


control,,allow,send,17,68.150.171.255,137


2005-08-05T15:55:44-07:00,info,appl


control,,allow,send,17,68.150.171.255,137


2005-08-05T15:55:45-07:00,info,appl


control,C:\WINNT\system32\services.exe,allow,listen,17,0.0.0.0,0


2005-08-05T15:55:45-07:00,info,dynamic


rule,added,0.0.0.0,255.255.255.255,0,65535,1029,1029,allow


2005-08-05T15:55:45-07:00,info,appl


control,,allow,send,17,68.150.171.255,137


2005-08-05T15:55:46-07:00,info,appl


control,,allow,send,17,68.150.171.255,137


2005-08-05T15:55:46-07:00,info,appl


control,C:\WINNT\system32\services.exe,allow,receive,17,68.150.170.45,137


2005-08-05T15:55:48-07:00,info,dynamic


rule,removed,0.0.0.0,255.255.255.255,0,65535,1029,1029,allow


2005-08-05T15:55:53-07:00,success,general,daemon,Policy file has been


reloaded.


2005-08-05T15:55:53-07:00,info,dynamic


rule,removed,0.0.0.0,255.255.255.255,0,65535,58581,58581,allow


2005-08-05T15:55:53-07:00,info,dynamic


rule,added,0.0.0.0,255.255.255.255,0,65535,58581,58581,allow


2005-08-05T15:55:54-07:00,info,appl


control,C:\WINNT\system32\services.exe,allow,receive,17,68.150.170.45,138


2005-08-05T15:55:55-07:00,info,appl


control,C:\WINNT\system32\services.exe,allow,listen,17,0.0.0.0,0


2005-08-05T15:55:55-07:00,info,dynamic


rule,added,0.0.0.0,255.255.255.255,0,65535,1030,1030,allow


2005-08-05T15:55:55-07:00,info,appl


control,C:\WINNT\system32\services.exe,allow,receive,17,64.59.184.13,0


2005-08-05T15:55:55-07:00,info,dynamic


rule,removed,0.0.0.0,255.255.255.255,0,65535,1030,1030,allow


2005-08-05T15:55:55-07:00,info,appl control,C:\WINNT\vsmom.exe,allow,connect


out,6,140.112.217.129,889


2005-08-05T15:56:25-07:00,info,appl


control,C:\WINNT\system32\services.exe,allow,listen,17,0.0.0.0,0


2005-08-05T15:56:25-07:00,info,dynamic


rule,added,0.0.0.0,255.255.255.255,0,65535,1032,1032,allow


2005-08-05T15:56:25-07:00,info,appl


control,C:\WINNT\system32\services.exe,allow,send,17,64.59.184.13,53


2005-08-05T15:56:25-07:00,info,appl


control,C:\WINNT\system32\services.exe,allow,receive,17,64.59.184.13,0


2005-08-05T15:56:25-07:00,info,dynamic


rule,removed,0.0.0.0,255.255.255.255,0,65535,1032,1032,allow


2005-08-05T15:56:25-07:00,info,appl control,C:\WINNT\vsmom.exe,allow,connect


out,6,65.17.240.160,889


2005-08-05T15:56:39-07:00,info,appl


control,C:\WINNT\system32\services.exe,allow,listen,17,0.0.0.0,0


2005-08-05T15:56:39-07:00,info,dynamic


rule,added,0.0.0.0,255.255.255.255,0,65535,1034,1034,allow


2005-08-05T15:56:39-07:00,info,appl


control,C:\WINNT\system32\services.exe,allow,receive,17,64.59.184.13,0


2005-08-05T15:56:39-07:00,info,dynamic


rule,removed,0.0.0.0,255.255.255.255,0,65535,1034,1034,allow


2005-08-05T15:56:39-07:00,info,appl control,C:\WINNT\vsmom.exe,allow,connect


out,6,140.112.217.129,19899


2005-08-05T15:56:42-07:00,info,appl


control,C:\WINNT\system32\services.exe,allow,send,17,68.150.171.255,138


2005-08-05T15:56:42-07:00,info,appl


control,C:\WINNT\system32\services.exe,allow,receive,17,68.150.170.45,138


2005-08-05T15:56:48-07:00,info,dynamic


rule,removed,0.0.0.0,255.255.255.255,0,65535,4500,4500,allow


2005-08-05T15:56:48-07:00,info,dynamic


rule,removed,0.0.0.0,255.255.255.255,0,65535,500,500,allow


2005-08-05T15:56:48-07:00,info,appl


control,unknown,allow,send,17,68.150.171.255,138


2005-08-05T15:56:48-07:00,info,appl


control,unknown,allow,send,17,68.150.171.255,137


2005-08-05T15:56:48-07:00,info,appl


control,C:\WINNT\system32\services.exe,allow,receive,17,68.150.170.45,137


2005-08-05T15:59:04-07:00,info,appl


control,unknown,allow,receive,17,68.150.170.45,138


2005-08-05T15:59:06-07:00,info,dynamic


rule,added,0.0.0.0,255.255.255.255,0,65535,445,445,allow


2005-08-05T15:59:00-07:00,info,appl


control,services.exe,allow,send,17,68.150.171.255,138


2005-08-05T15:59:01-07:00,info,appl


control,System,allow,send,17,68.150.171.255,138


2005-08-05T15:59:03-07:00,info,appl


control,System,allow,send,17,68.150.171.255,138


2005-08-05T15:59:04-07:00,info,appl


control,System,allow,send,17,68.150.171.255,138


2005-08-05T15:59:04-07:00,info,appl


control,C:\WINNT\system32\lsass.exe,allow,listen,17,68.150.170.45,500


2005-08-05T15:59:04-07:00,info,appl


control,C:\WINNT\system32\lsass.exe,allow,listen,17,68.150.170.45,4500


2005-08-05T15:59:05-07:00,info,appl


control,C:\WINNT\system32\svchost.exe,deny,listen,6,0.0.0.0,135


2005-08-05T15:59:06-07:00,info,dynamic


rule,added,0.0.0.0,255.255.255.255,0,65535,445,445,allow


2005-08-05T15:59:06-07:00,info,dynamic


rule,added,0.0.0.0,255.255.255.255,0,65535,68,68,allow


2005-08-05T15:59:06-07:00,info,dynamic


rule,added,0.0.0.0,255.255.255.255,0,65535,138,138,allow


2005-08-05T15:59:06-07:00,info,dynamic


rule,added,0.0.0.0,255.255.255.255,0,65535,137,137,allow


2005-08-05T15:59:06-07:00,info,dynamic


rule,added,0.0.0.0,255.255.255.255,0,65535,139,139,allow


2005-08-05T15:59:06-07:00,success,general,daemon,Firewall Daemon service


started.


2005-08-05T15:59:06-07:00,info,dynamic


rule,added,0.0.0.0,255.255.255.255,0,65535,58581,58581,allow


2005-08-05T15:59:06-07:00,info,appl


control,C:\WINNT\system32\svchost.exe,allow,listen,6,0.0.0.0,135


2005-08-05T15:59:06-07:00,info,appl


control,C:\WINNT\system32\services.exe,allow,listen,17,0.0.0.0,0


2005-08-05T15:59:06-07:00,info,dynamic


rule,added,0.0.0.0,255.255.255.255,0,65535,135,135,allow


2005-08-05T15:59:06-07:00,info,dynamic


rule,added,0.0.0.0,255.255.255.255,0,65535,1026,1026,allow


2005-08-05T15:59:06-07:00,info,appl


control,C:\WINNT\system32\services.exe,allow,listen,17,0.0.0.0,0


2005-08-05T15:59:06-07:00,info,dynamic


rule,added,0.0.0.0,255.255.255.255,0,65535,1027,1027,allow


2005-08-05T15:59:06-07:00,info,appl


control,C:\WINNT\system32\services.exe,allow,send,17,64.59.184.13,53


2005-08-05T15:59:06-07:00,info,appl


control,C:\WINNT\system32\services.exe,allow,send,17,64.59.184.13,53


2005-08-05T15:59:06-07:00,info,appl


control,C:\WINNT\system32\services.exe,allow,receive,17,64.59.184.13,0


2005-08-05T15:59:06-07:00,info,dynamic


rule,removed,0.0.0.0,255.255.255.255,0,65535,1026,1026,allow


2005-08-05T15:59:07-07:00,info,dynamic


rule,added,0.0.0.0,255.255.255.255,0,65535,59591,59591,allow


2005-08-05T15:59:07-07:00,info,appl


control,unknown,allow,send,17,68.150.171.255,138


2005-08-05T15:59:07-07:00,info,appl


control,C:\WINNT\system32\winlogon.exe,allow,send,17,68.150.171.255,137


2005-08-05T15:59:07-07:00,info,appl


control,C:\WINNT\system32\services.exe,allow,receive,17,68.150.170.45,137


2005-08-05T15:59:08-07:00,info,appl


control,C:\WINNT\system32\services.exe,allow,send,17,64.59.184.15,53


2005-08-05T15:59:08-07:00,info,appl


control,C:\WINNT\system32\services.exe,allow,receive,17,64.59.184.15,0


2005-08-05T15:59:08-07:00,info,appl


control,,allow,send,17,68.150.171.255,137


2005-08-05T15:59:09-07:00,info,dynamic


rule,removed,0.0.0.0,255.255.255.255,0,65535,1027,1027,allow


2005-08-05T15:59:09-07:00,info,appl control,C:\WINNT\vsmom.exe,allow,connect


out,6,161.58.176.169,19899


2005-08-05T15:59:10-07:00,info,appl


control,C:\WINNT\system32\services.exe,allow,send,17,68.150.171.255,137


2005-08-05T15:59:10-07:00,info,appl


control,C:\WINNT\system32\services.exe,allow,listen,17,0.0.0.0,0


2005-08-05T15:59:10-07:00,info,dynamic


rule,added,0.0.0.0,255.255.255.255,0,65535,1029,1029,allow


2005-08-05T15:59:10-07:00,info,dynamic


rule,removed,0.0.0.0,255.255.255.255,0,65535,1029,1029,allow


2005-08-05T15:59:10-07:00,info,appl control,C:\WINNT\vsmom.exe,allow,connect


out,6,61.121.100.107,80


2005-08-05T15:59:10-07:00,info,appl control,C:\WINNT\vsmom.exe,allow,connect


out,6,61.121.100.107,80


2005-08-05T15:59:10-07:00,info,appl


control,,allow,send,17,68.150.171.255,137


2005-08-05T15:59:11-07:00,info,appl


control,,allow,send,17,68.150.171.255,137


2005-08-05T15:59:12-07:00,info,appl


control,,allow,send,17,68.150.171.255,137


2005-08-05T15:59:13-07:00,info,appl


control,,allow,send,17,68.150.171.255,137


2005-08-05T15:59:14-07:00,info,appl


control,,allow,send,17,68.150.171.255,137


2005-08-05T15:59:15-07:00,info,appl


control,,allow,send,17,68.150.171.255,137


2005-08-05T15:59:15-07:00,info,appl control,C:\WINNT\vsmom.exe,allow,connect


out,6,61.121.100.107,80


2005-08-05T15:59:16-07:00,info,appl


control,C:\WINNT\system32\services.exe,allow,send,17,68.150.171.255,138


2005-08-05T15:59:16-07:00,info,appl


control,C:\WINNT\system32\services.exe,allow,receive,17,68.150.170.45,138


2005-08-05T15:59:16-07:00,info,appl


control,,allow,send,17,68.150.171.255,137


2005-08-05T15:59:17-07:00,info,appl


control,,allow,send,17,68.150.171.255,137


2005-08-05T15:59:17-07:00,info,appl


control,C:\WINNT\system32\services.exe,allow,receive,17,68.150.170.45,137


2005-08-05T15:59:18-07:00,info,appl


control,C:\WINNT\vsmom.exe,allow,listen,6,0.0.0.0,22286


2005-08-05T15:59:18-07:00,info,dynamic


rule,added,0.0.0.0,255.255.255.255,0,65535,22286,22286,allow


2005-08-05T15:59:18-07:00,info,appl control,C:\WINNT\vsmom.exe,allow,connect


out,6,68.150.219.18,135


2005-08-05T15:59:18-07:00,info,appl control,C:\WINNT\vsmom.exe,allow,connect


out,6,68.150.218.251,135


2005-08-05T15:59:18-07:00,info,appl control,C:\WINNT\vsmom.exe,allow,connect


out,6,68.150.63.140,135


2005-08-05T15:59:18-07:00,info,appl control,C:\WINNT\vsmom.exe,allow,connect


out,6,68.150.168.25,135


2005-08-05T15:59:18-07:00,info,appl control,C:\WINNT\vsmom.exe,allow,connect


out,6,68.150.13.171,135


2005-08-05T15:59:18-07:00,info,appl control,C:\WINNT\vsmom.exe,allow,connect


out,6,68.150.159.118,135


2005-08-05T15:59:18-07:00,info,appl control,C:\WINNT\vsmom.exe,allow,connect


out,6,68.150.114.60,135


2005-08-05T15:59:18-07:00,info,appl control,C:\WINNT\vsmom.exe,allow,connect


out,6,68.150.216.204,135


2005-08-05T15:59:18-07:00,info,appl control,C:\WINNT\vsmom.exe,allow,connect


out,6,68.150.64.90,135


2005-08-05T15:59:18-07:00,info,appl control,C:\WINNT\vsmom.exe,allow,connect


out,6,68.150.165.235,135


2005-08-05T15:59:18-07:00,info,appl control,C:\WINNT\vsmom.exe,allow,connect


out,6,68.150.11.124,135


2005-08-05T15:59:18-07:00,info,appl control,C:\WINNT\vsmom.exe,allow,connect


out,6,68.150.7.4,135


2005-08-05T15:59:18-07:00,info,appl control,C:\WINNT\vsmom.exe,allow,connect


out,6,68.150.112.13,135


2005-08-05T15:59:18-07:00,info,appl control,C:\WINNT\vsmom.exe,allow,connect


out,6,68.150.216.154,135


2005-08-05T15:59:18-07:00,info,appl control,C:\WINNT\vsmom.exe,allow,connect


out,6,68.150.62.44,135


2005-08-05T15:59:18-07:00,info,appl control,C:\WINNT\vsmom.exe,allow,connect


out,6,68.150.163.188,135


2005-08-05T15:59:18-07:00,info,appl control,C:\WINNT\vsmom.exe,allow,connect


out,6,68.150.8.78,135


2005-08-05T15:59:18-07:00,info,appl control,C:\WINNT\vsmom.exe,allow,connect


out,6,68.150.113.219,135



regards......'Ole


-----------------------------------------------------------


"Power always thinks it has a great soul and vast views beyond the


comprehension of the weak; and that it is doing God's service when it is


violating all His laws. Our passions...possess so much metaphysical subtlety


and so much overpowering eloquence that they insinuate themselves into the


understanding and the conscience and convert both to their party."


                         --JOHN ADAMS


Received on Thu Sep 29 20:01:33 2005