You are here: Home Contents V7 N3 V7N3_Week.html
Personal tools

A Firewall Data Log Analysis of Unauthorized and Suspicious Traffic



Full text

Journal of Information System Security
Volume 7, Number 3 (2011)
Pages 215
ISSN 1551-0123
John Week — University of Nevada, Reno, USA
Polina Ivanova — University of Nevada, Reno, USA
Sandy Week — University of Nevada, Reno, USA
Alexander McLeod — University of Nevada, Reno, USA
Information Institute Publishing, Washington DC, USA




On November 2, 1988, Peter Yee at the NASA Ames Research Center sent a note out to the Internet mailing list reporting, "We are currently under attack from an Internet VIRUS!” As these events were unfolding the firewall was starting its rapid evolution. Management often underestimates the importance of sufficient network security. Remarkably, there is little information available for network administrators to use to analyze the valuable data contained in their firewall logs in order to accurately describe threats to their systems. This paper examines 7,478 attacks logged by a small business Internet Service Provider (ISP) hosting 13 domains. On average, 276 attacks occurred per day. About one half of the attacks are the common Windows RPC and SQL Slammer attacks. Slightly less than one half of those attacks came from ten networks and about 25% of those originated from ten hosts. Results suggest what actions can be taken to strengthen small business network security. Results were compared and contrasted with a similar study called Statistical Analysis of Snort Alarms for a Medium-Sized Network recently undertaken by Chantawut and Ghita (2010.)




Network Attacks, Small Business ISP, Origin of Attacks, Time of Attacks, Firewall Data Log




Avolio, F. (1999). Firewalls and Internet Security. The Internet Protocol Journal, 24-32.

Bouguettaya, A. R. A., & Eltoweissy, M. Y. (2003). Privacy on the Web: facts, challenges, and solutions. IEEE Security & Privacy, 1(6), 40-49.

Kumar, N., Mohan, K., & Holowczak, R. (2008). Locking the door but leaving the computer vulnerable: Factors inhibiting home users' adoption of software firewalls. Decision Support Systems, 46(1), 254-264.

Microsoft. (2007). Understanding TCP/IP addressing and subnetting basics [Electronic Version]. Retrieved April 23, 2009, from

Nietzsche, F. (2007). What are TCP/IP ports? [Electronic Version]. Retrieved April 24, 2009, from

Ranum, M. (2006). Log Analysis Site Overview [Electronic Version]. Retrieved April 21, 2009, from

Robertson, P., Curtin, M., & Ranum, M. (2004). Internet Firewalls: Frequently Asked Questions [Electronic Version]. Retrieved April 21, 2009,