Firewall Log
Question a
An Internet Protocol (IP) address can be rejected when its owner cannot be identified or when it appears to be spoofed; it is then considered too dangerous to allow through the firewall (Zhang & Green, 2015). When IP addresses are suspicious, they do not connect through the firewall successfully, so they are dropped. Examine where they are coming from, and check whether they are associated with your internet service provider.
Question b
Ports that are not used should be examined to determine whether they are reserved ports. If malicious intruders have identified ports that are not in use, they can use those ports to intrude into the system. Once such ports have been identified, compare the port numbers against those of known hacker programs to learn whether a hacker is associated with them. For example, port 31337 is associated with probes and means somebody is ready to install malicious software in your network (Mos, 2015).
Question c
Source-routed packets are a sign that someone is trying to spoof their way into your network; the packets show up with an internal source address (Lie et al., 2016). In this case, examine who is trying to intrude into the network. Check the logs to determine whether the intruder has managed to get through the firewall. Determine whether the packets are malicious Trojans invading the network. This helps you prepare measures to control malicious intrusions.
Question d
Outbound connections indicate that someone is launching an attack from your web server against another party (Luo et al., 2018). In this situation, examine which IP address is connected to that activity. Monitor the computer that is connected to the web server. Examine the time the activity started and the services that were running on the web server.
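The checks described in questions a through d can be run over firewall log lines, shown here as an added example that is not part of the original answer. The log lines are constructed in the style of netfilter LOG output, and the interface name, internal network range and web server address are assumptions.

```python
import ipaddress
import re

# Assumed site values for this example; none of them come from the page.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
EXTERNAL_IF, WEB_SERVER = "eth0", "10.0.0.5"
WATCHED_PORTS = {31337}            # the port the text singles out
SOURCE_ROUTE_OPTS = {0x83, 0x89}   # IP options LSRR and SSRR (RFC 791)

# Constructed sample lines, loosely following the netfilter LOG layout.
SAMPLE_LOG = [
    "IN=eth0 OUT= SRC=10.0.0.77 DST=10.0.0.5 PROTO=TCP SPT=4431 DPT=80",
    "IN=eth0 OUT= SRC=203.0.113.9 DST=10.0.0.5 PROTO=TCP SPT=50112 DPT=31337",
    "IN=eth0 OUT= SRC=203.0.113.9 DST=10.0.0.5 OPT (01830B04C6336401CB007109) PROTO=TCP SPT=50113 DPT=25",
    "IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=198.51.100.20 PROTO=TCP SPT=41022 DPT=6667",
    "IN=eth0 OUT= SRC=198.51.100.7 DST=10.0.0.5 PROTO=TCP SPT=50200 DPT=443",
]

def has_source_route(opt_hex):
    """Walk the logged IP option bytes and report a loose/strict source route."""
    data, i = bytes.fromhex(opt_hex), 0
    while i < len(data) and data[i] != 0:      # 0 = end of option list
        if data[i] == 1:                       # 1 = no-op padding, one byte
            i += 1
            continue
        if data[i] in SOURCE_ROUTE_OPTS:
            return True
        if i + 1 >= len(data) or data[i + 1] < 2:
            break                              # malformed length: stop
        i += data[i + 1]                       # skip to the next option
    return False

def triage(line):
    """Return the findings for one log line (empty list = nothing flagged)."""
    f = dict(re.findall(r"(\w+)=(\S*)", line))
    opt = re.search(r"OPT \(((?:[0-9A-Fa-f]{2})+)\)", line)
    src = f.get("SRC", "0.0.0.0")
    findings = []
    if f.get("IN") == EXTERNAL_IF and ipaddress.ip_address(src) in INTERNAL_NET:
        findings.append("internal-source-on-external-interface")
    if f.get("DPT", "").isdigit() and int(f["DPT"]) in WATCHED_PORTS:
        findings.append("probe-on-watched-port")
    if opt and has_source_route(opt.group(1)):
        findings.append("source-routed")
    if src == WEB_SERVER and f.get("OUT") == EXTERNAL_IF:
        findings.append("outbound-from-web-server")
    return findings

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(triage(entry) or ["ok"], entry)
```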
Question e
Many unsuccessful logins mean that an unauthorized person is trying to intrude into the system. Therefore, examine which rules you should implement to drop the connections that are logging in to the system (Latham, Homorodi & Engan, 2020). It is best to confirm that the IP address is not a spoofed address and that it is coming from the same domain.
Reference
Latham, J. A., Homorodi, Z., & Engan, M. (2020). U.S. Patent No. 10,630,729. Washington, DC: U.S. Patent and Trademark Office.
Lie, S., Ditya, V., & Lauterbach, G. R. (2016). U.S. Patent No. 9,331,958. Washington, DC: U.S. Patent and Trademark Office.
Luo, P., Briggs, R. H., Jeffrey, B. R., DiPlacido, M., & Ahmad, N. (2018). U.S. Patent Application No. 15/428,810.
Mos, A. C. (2015). U.S. Patent Application No. 13/963,240.
Zhang, C., & Green, R. (2015, April). Communication security on the internet of thing: preventive measure and avoid DDoS attack over IoT network. In Proceedings of the 18th Symposium on Communications & Networking (pp. 8-15).