User Guide
OmniAccess SafeGuard OS Administration Guide
Chapter 10: Detecting and Isolating Malware Security Threats
The following is representative output from the command for an IP scan event:
(SafeGuardOS) # show malware trace 66.166.203.235
Trace Information
-----------------
Number of Rows:8
Event Id  DstIP           Protocol  DstPort  SrcPort  Visits  Last Visited Time
--------  -----           --------  -------  -------  ------  -----------------
1         66.137.210.181  TCP       135      4765     1       Fri Mar 17 13:02:30.801 2006
1         66.211.161.30   TCP       135      4764     1       Fri Mar 17 13:02:30.732 2006
1         66.238.4.54     TCP       135      4762     1       Fri Mar 17 13:02:30.732 2006
1         66.166.142.180  TCP       445      4260     1       Fri Mar 17 13:02:30.732 2006
1         66.166.142.190  TCP       445      4282     1       Fri Mar 17 13:02:30.732 2006
1         66.166.142.185  TCP       445      4270     1       Fri Mar 17 13:02:30.732 2006
1         66.166.142.182  TCP       445      4264     1       Fri Mar 17 13:02:30.732 2006
1         66.166.142.177  TCP       445      4251     1       Fri Mar 17 13:02:30.732 2006
Table 31 explains the output fields of the show malware trace command.

Table 31 Show Malware Trace Output Fields

Field     Description
--------  -----------
Event ID  A system-generated identifier for the event.
Dst IP    The destination IP address.
Protocol  The protocol being used when the event was triggered. Valid protocols are TCP, UDP or ICMP.
DstPort   The destination port number. This field shows as N/A for ICMP.
SrcPort   The source port number generating the request. This field shows as N/A for ICMP.
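
For triage outside the CLI, the trace rows shown above can be parsed and grouped by destination port to see how many distinct hosts were contacted on each. This is an added example, not code from the guide or the product; the function names and the ICMP sample row are constructed for illustration, and the row layout is assumed to match the sample output above.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: rows in the layout shown above, plus one constructed
# ICMP row to exercise the N/A port fields described in Table 31.
SAMPLE = """\
1 66.137.210.181 TCP 135 4765 1 Fri Mar 17 13:02:30.801 2006
1 66.211.161.30 TCP 135 4764 1 Fri Mar 17 13:02:30.732 2006
1 66.166.142.180 TCP 445 4260 1 Fri Mar 17 13:02:30.732 2006
1 66.166.142.190 TCP 445 4282 1 Fri Mar 17 13:02:30.732 2006
1 192.0.2.10 ICMP N/A N/A 2 Fri Mar 17 13:02:31.105 2006
"""

# One data row: event id, dst IP, protocol, dst port, src port, visits, time.
ROW = re.compile(
    r"^\s*(?P<event>\d+)\s+(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<proto>TCP|UDP|ICMP)\s+(?P<dport>\d+|N/A)\s+(?P<sport>\d+|N/A)\s+"
    r"(?P<visits>\d+)\s+(?P<ts>\S.*\S)\s*$"
)

def _port(text):
    # Ports are reported as N/A for ICMP; represent that as None.
    return None if text == "N/A" else int(text)

def parse_trace(text):
    """Return one dict per data row; banner, header and rule lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        rows.append({
            "event_id": int(m["event"]),
            "dst_ip": m["dst"],
            "protocol": m["proto"],
            "dst_port": _port(m["dport"]),
            "src_port": _port(m["sport"]),
            "visits": int(m["visits"]),
            "last_visited": datetime.strptime(m["ts"], "%a %b %d %H:%M:%S.%f %Y"),
        })
    return rows

def fanout(rows):
    """Map (protocol, dst_port) to the sorted distinct destination IPs."""
    seen = defaultdict(set)
    for r in rows:
        seen[(r["protocol"], r["dst_port"])].add(r["dst_ip"])
    return {key: sorted(ips) for key, ips in seen.items()}
```

Many distinct destinations on a single port within a fraction of a second, as in the TCP 135 and 445 rows of the sample output, is the pattern the IP scan event reflects.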










