Relatório Semanal U&M - InvestLinux – 18/10/2010

Uptime / Last OK

Espaço em Disco OK

Dmesg OK

Logs OK

Dat Anti-Vírus OK

Top - Memória / Processos / Carga OK

Processos OK

Portas Tcp Udp Abertas OK

MRTG - Tráfego OK

MRTG - Processador OK

Ipaudit Diário OK

Ipaudit Semanal OK

Squid Reports - TopSites OK

Squid Reports - TopUsers OK

Nagios - Disponibilidade HTTP 100,00%

Nagios - Disponibilidade SMTP 100,00%

Uptime / LastUptime - Tempo Online do ServidorLast - Conexões remotas

[root@uem-gw]# uptime 13:24:52 up 7 days, 2:14, 1 user, load average: 0.41, 0.38, 0.36

[root@uem-gw]# last | sort -k 3 | moreuem ftpd6542 200.208.86.190 Mon Oct 18 10:01 - 10:01 (00:00) uem ftpd6547 200.208.86.190 Mon Oct 18 10:01 - 10:02 (00:00) uem ftpd6552 200.208.86.190 Mon Oct 18 10:02 - 10:02 (00:00) uem ftpd6553 200.208.86.190 Mon Oct 18 10:02 - 10:02 (00:00) uem ftpd6555 200.208.86.190 Mon Oct 18 10:02 - 10:02 (00:00) uem ftpd6554 200.208.86.190 Mon Oct 18 10:02 - 10:11 (00:09) uem ftpd15085 200.208.86.190 Mon Oct 18 12:55 - 12:55 (00:00) uem ftpd15090 200.208.86.190 Mon Oct 18 12:55 - 13:05 (00:10) il-adm pts/0 200.243.67.66 Mon Oct 18 13:24 still logged in wtmp begins Mon Oct 18 10:01:45 2010

Espaço em Disco[root@uem-gw]# df -hSist. Arq. Tam Usad Disp Uso% Montado em/dev/sda3 38G 18G 18G 51% /varrun 1014M 264K 1014M 1% /var/runvarlock 1014M 4,0K 1014M 1% /var/lockudev 1014M 52K 1014M 1% /devdevshm 1014M 0 1014M 0% /dev/shm/dev/sdb1 50G 15G 34G 30% /backup/dev/sda1 471M 140M 308M 32% /boot//192.168.0.105/Pessoal 20G 4,4G 16G 22% /ftp/Pessoal//192.168.0.105/Public 200G 185G 16G 93% /ftp/Public//192.168.0.105/Restrito 200G 185G 16G 93% /home/Restrito//192.168.0.100/CorporeRM 47G 18G 30G 38% /home/ponto//192.168.0.105/BKP-linux 78G 53G 25G 68% /backup-remoto

Dmesg

Dmesg – Alertas de Console (Eventuais Erros de Disco, Rede, Hardware em geral)- Sem informações relevantes -

Logs

Verificação superficial de logs do sistema: ( syslog(tmsys) / secure(tms) / squid(tmsq) )

Dat Anti-Vírus

[root@uem-gw]# freshclamClamAV update process started at Mon Oct 18 13:34:57 2010WARNING: Your ClamAV installation is OUTDATED!WARNING: Local version: 0.96.1 Recommended version: 0.96.3DON'T PANIC! Read http://www.clamav.net/support/faqmain.cld is up to date (version: 52, sigs: 704727, f-level: 44, builder: sven)daily.cld is up to date (version: 12149, sigs: 140262, f-level: 53, builder: acab)bytecode.cld is up to date (version: 81, sigs: 10, f-level: 53, builder: edwin)

Semana Anterior:ClamAV update process started at Wed Oct 13 08:38:11 2010 WARNING: Your ClamAV installation is OUTDATED! WARNING: Local version: 0.96.1 Recommended version: 0.96.3 DON'T PANIC! Read http://www.clamav.net/support/faq main.cld is up to date (version: 52, sigs: 704727, f-level: 44, builder: sven) daily.cld is up to date (version: 12132, sigs: 139808, f-level: 53, builder: ccordes) bytecode.cld is up to date (version: 80, sigs: 10, f-level: 53, builder: edwin)

Top - Memória / Processos / Carga- Sem informações relevantes -

Processos- Sem informações relevantes -

Portas Tcp Udp Abertas

[root@uem-gw]# netstat -ap | grep LISTEN | grep -v STREAMtcp 0 0 localhost:60000 *:* LISTEN 6506/postgrey.pid -tcp 0 0 uemop402.uem.com.b:5666 *:* LISTEN 6887/nrpe tcp 0 0 *:rsync *:* LISTEN 7070/rsync tcp 0 0 localhost:mysql *:* LISTEN 6386/mysqld tcp 0 0 *:webmin *:* LISTEN 7910/perl tcp 0 0 *:81 *:* LISTEN 894/apache2 tcp 0 0 10.0.0.29:domain *:* LISTEN 5958/named tcp 0 0 10.0.0.27:domain *:* LISTEN 5958/named tcp 0 0 10.0.0.25:domain *:* LISTEN 5958/named tcp 0 0 10.0.0.23:domain *:* LISTEN 5958/named tcp 0 0 10.0.0.21:domain *:* LISTEN 5958/named tcp 0 0 10.0.0.19:domain *:* LISTEN 5958/named tcp 0 0 10.0.0.17:domain *:* LISTEN 5958/named tcp 0 0 10.0.0.15:domain *:* LISTEN 5958/named tcp 0 0 10.0.0.13:domain *:* LISTEN 5958/named tcp 0 0 10.0.0.11:domain *:* LISTEN 5958/named tcp 0 0 10.0.0.9:domain *:* LISTEN 5958/named tcp 0 0 10.0.0.7:domain *:* LISTEN 5958/named tcp 0 0 10.0.0.3:domain *:* LISTEN 5958/named tcp 0 0 10.0.0.5:domain *:* LISTEN 5958/named tcp 0 0 10.0.0.1:domain *:* LISTEN 5958/named tcp 0 0 *:ftp *:* LISTEN 7201/proftpd: (accetcp 0 0 192.168.1.1:domain *:* LISTEN 5958/named tcp 0 0 200.243.57.50:domain *:* LISTEN 5958/named tcp 0 0 200.243.57.11:domain *:* LISTEN 5958/named tcp 0 0 200.243.57.10:domain *:* LISTEN 5958/named

tcp 0 0 200.243.57.9:domain *:* LISTEN 5958/named tcp 0 0 200.243.57.8:domain *:* LISTEN 5958/named tcp 0 0 200.243.57.7:domain *:* LISTEN 5958/named tcp 0 0 200.243.57.6:domain *:* LISTEN 5958/named tcp 0 0 200.243.57.4:domain *:* LISTEN 5958/named tcp 0 0 200.243.57.3:domain *:* LISTEN 5958/named tcp 0 0 correio.uem.com.:domain *:* LISTEN 5958/named tcp 0 0 uemnotes.uem.com:domain *:* LISTEN 5958/named tcp 0 0 uemop402.uem.com:domain *:* LISTEN 5958/named tcp 0 0 localhost:domain *:* LISTEN 5958/named tcp 0 0 *:3128 *:* LISTEN 6901/(squid) tcp 0 0 *:smtp *:* LISTEN 7050/master tcp 0 0 localhost:953 *:* LISTEN 5958/named tcp 0 0 *:1723 *:* LISTEN 7057/pptpd tcp6 0 0 [::]:rsync [::]:* LISTEN 7070/rsync tcp6 0 0 [::]:domain [::]:* LISTEN 5958/named tcp6 0 0 [::]:ssh [::]:* LISTEN 6283/sshd tcp6 0 0 [::]:3000 [::]:* LISTEN 6911/ntop tcp6 0 0 ip6-localhost:953 [::]:* LISTEN 5958/named Obs: Comando mostra na quarta coluna, preferencialmente, o nome do serviço após o caracter “:”.

root@uem-gw:~# netstat -nap | grep LISTEN | grep -v STREAMtcp 0 0 127.0.0.1:60000 0.0.0.0:* LISTEN 6506/postgrey.pid -tcp 0 0 192.168.0.1:5666 0.0.0.0:* LISTEN 6887/nrpe tcp 0 0 0.0.0.0:873 0.0.0.0:* LISTEN 7070/rsync tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 6386/mysqld tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 7910/perl tcp 0 0 0.0.0.0:81 0.0.0.0:* LISTEN 894/apache2 tcp 0 0 10.0.0.29:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 10.0.0.27:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 10.0.0.25:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 10.0.0.23:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 10.0.0.21:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 10.0.0.19:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 10.0.0.17:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 10.0.0.15:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 10.0.0.13:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 10.0.0.11:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 10.0.0.9:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 10.0.0.7:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 10.0.0.3:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 10.0.0.5:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 10.0.0.1:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 7201/proftpd: (accetcp 0 0 192.168.1.1:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 200.243.57.50:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 200.243.57.11:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 200.243.57.10:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 200.243.57.9:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 200.243.57.8:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 200.243.57.7:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 200.243.57.6:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 200.243.57.4:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 200.243.57.3:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 200.243.57.2:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 200.243.57.5:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 192.168.0.1:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 5958/named tcp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN 6901/(squid) tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 7050/master tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 5958/named tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN 7057/pptpd tcp6 0 0 :::873 :::* LISTEN 7070/rsync tcp6 0 0 :::53 :::* LISTEN 5958/named tcp6 0 0 :::22 :::* LISTEN 6283/sshd tcp6 0 0 :::3000 :::* LISTEN 6911/ntop tcp6 0 0 ::1:953 :::* LISTEN 5958/named Obs: Comando mostra na quarta coluna a porta do serviço após o caracter “:”.

MRTG - Tráfego*

Internet – eth1

Roteador Embratel

VPN Embratel – eth2

VPN Itaboraí – tun0

*VPN sem tráfego desde 17/04/2010. Este gráfico mostra tráfego mínimo, praticamente nulo.

VPN Yamana – tun1

VPN Juruti

VPN Rio Capim – tun4

VPN Zâmbia – tun6

VPN Parapigmentos*Sem atividade

UeM ADM – CPU Utilization

UeM ADM – Load

UeM GW – CPU Utilization

UeM GW – Load

*Os gráficos foram comparados com os da semana anterior. Em caso de alteração significativa, é feita a análise de possível problema e relatado como observação abaixo do mesmo.

Os Gráficos não comentados foram considerados normais. Caso queira análise de algum específico, basta fazer o pedido.

Ipaudit Diário

- Sem informações relevantes -

Ipaudit Semanal (Top 10)

IP Host Name Incoming(bytes)

Outgoing(bytes)

Total(bytes)

200.243.057.005 uemnotes.uem.com.br 6,615,472,864 5,272,279,113 11,887,751,977

192.168.000.001 uemop402.uem.com.br 1,619,803,428 9,525,982,927 11,145,786,355

192.168.000.103 uemnotes.uem.com.br 2,058,258,655 597,992,052 2,656,250,707

200.243.057.011 - 871,784,254 422,579,495 1,294,363,749

200.243.057.008 - 578,375,249 229,953,832 808,329,081

192.168.008.155 uemop959.uem.com.br 544,940,839 71,311,065 616,251,904

192.168.000.107 uemantspam.uem.com.br 326,197,744 120,966,928 447,164,672

192.168.013.215 - 317,182,801 24,461,017 341,643,818

200.243.057.002 correio.uem.com.br 308,958,291 28,843,009 337,801,300

192.168.000.105 uemfs.uem.com.br 26,699,549 286,314,154 313,013,703

Squid Reports Semanal – 10/10/2010 a 18/10/2010

Squid Reports – TopSites

NUMACCESSED SITE CONNECT BYTES TIME

1 au.download.windowsupdate.com 177.96K 4.41G 262.97M

2 osce80-en.url.trendmicro.com 155.44K 98.49M 45.94M

3 armdl.adobe.com 112.87K 3.19G 128.78M

4 shara1.mine.nu 93.14K 130.83M 130.83M

5 89.238.172.213 72.33K 101.77M 105.15M

6 imagem2.buscape.com.br 54.63K 51.47M 3.52M

7 www.globo.com 45.97K 118.23M 7.42M

8 www.google-analytics.com 45.14K 28.41M 11.16M

9 www.postzambia.com 29.04K 145.40M 44.62M

10 s.glbimg.com 24.71K 204.04M 10.14M

11 www.google.com.br 20.92K 126.80M 15.30M

12 clients1.google.com.br 20.69K 11.11M 5.69M

13 p2.trrsf.com.br 19.68K 28.40M 3.97M

14 www.cearahitz.com 18.70K 31.40M 471.79K

15 xtv.clan.su 18.70K 26.30M 26.30M

16 ads.img.globo.com 17.68K 112.16M 11.45M

17 ad.yieldmanager.com 15.98K 64.09M 13.12M

18 xtv2.lv 15.77K 21.80M 21.80M

19 dwtest.mine.nu 15.62K 21.89M 21.89M

20 194.8.75.62 14.74K 102.78M 46.96M

Squid Reports – TopUsers

NUM USERID CONNECT BYTES %BYTES IN-CACHE-OUT ELAPSED TIME MILISEC %TIME

1 192.168.9.202 12.11K 1.80G 6.50% 0.96% 99.04% 13:46:31 49,591,086 0.11%

2 192.168.12.155 21.58K 1.27G 4.60% 1.68% 98.32% 13:54:17 50,057,335 0.11%

3 192.168.9.219 15.63K 933.28M 3.36% 1.58% 98.42% 10:06:27 36,387,653 0.08%

4 192.168.12.241 39.39K 800.36M 2.88% 2.39% 97.61% 16:50:31 60,631,360 0.13%

5 192.168.0.4 4.53K 668.46M 2.41% 1.23% 98.77% 01:56:53 7,013,864 0.02%

6 192.168.0.73 18.17K 618.05M 2.23% 4.16% 95.84% 02:56:28 10,588,486 0.02%

7 192.168.12.156 7.18K 558.38M 2.01% 0.83% 99.17% 04:44:17 17,057,961 0.04%

8 192.168.0.14 30.87K 550.25M 1.98% 7.42% 92.58% 02:57:25 10,645,083 0.02%

9 192.168.13.215 262.15K 539.76M 1.95% 19.72% 80.28% 12137:21:03 43,694,463,004 4.65%

10 192.168.14.118 18.99K 487.45M 1.76% 0.89% 99.11% 06:57:28 25,048,211 0.05%

11 192.168.0.154 20.91K 426.43M 1.54% 7.56% 92.44% 01:50:01 6,601,878 0.01%

12 192.168.9.100 36.48K 423.45M 1.53% 12.00% 88.00% 12:28:40 44,920,164 0.10%

13 192.168.12.234 39.00K 411.43M 1.48% 5.58% 94.42% 14:58:47 53,927,660 0.12%

14 192.168.9.201 44.58K 404.97M 1.46% 12.12% 87.88% 09:11:47 33,107,531 0.07%

15 192.168.12.174 32.47K 402.31M 1.45% 5.30% 94.70% 17:21:30 62,490,403 0.14%

16 192.168.10.112 46.79K 395.28M 1.42% 2.69% 97.31% 31:14:06 112,446,909 0.24%

17 192.168.0.97 15.47K 359.30M 1.29% 3.51% 96.49% 03:04:47 11,087,406 0.02%

18 192.168.0.57 46.62K 336.00M 1.21% 15.05% 84.95% 03:30:00 12,600,172 0.03%

19 192.168.0.79 25.63K 303.50M 1.09% 8.03% 91.97% 02:01:41 7,301,256 0.02%

20 192.168.9.133 13.76K 296.20M 1.07% 2.97% 97.03% 04:16:40 15,400,762 0.03%

Squid Reports – Tentativas de acesso a Sites Indevidos

LOCAL ACESSADO IPwww.nudecelebrities.com 192.168.12.234www.pornconstellation.info 192.168.12.206www.pornhub.com 192.168.12.207www.pornpin.com 192.168.12.206

Obs1: Não foi acrescentada nenhuma expressão ao arquivo /etc/squid/site_proibido.txt a fim de impedir o acesso de sites relacionados.

Trend Micro - InterScan Messaging Security Suite

DADOS DO SISTEMA

NOME VERSÃO CORRENTE DISPONÍVEL VERSÃO ANTERIORScan engine 9.200.1012 9.200.1012 9.120.1012Virus pattern 7.549.00 7.549.00 7.535.00Spyware/grayware pattern 0.871.00 0.871.00 0.871.00IntelliTrap pattern 0.141.00 0.141.00 0.141.00IntelliTrap exceptions 0.589.00 0.589.00 0.589.00Anti-spam engine 6.0.1038 6.0.1038 6.0.1038Spam pattern 17712.000 17712.000 17700.007IMSS Version 7.0-Build_Linux_3216 N/A

ESTATÍSTICAS

PERÍODO: ÚLTIMOS 7 DIAS

RESUMO

Scanning Conditions Total %Malicious code 61 0.07%Spyware/grayware 0 0%Spam 14404 17.4%Phish 0 0%Attachment 0 0%Size 0 0%Content 441 0.53%Others 0 0%Scanning exceptions 1 0%

GRÁFICOS – PERÍODO 10/10/2010 A 16/10/2010Spam by Action

Spam ActionsDetections Message % Size (MB)

Total spam message count 68297 100.00 139.033

Quarantined 14843 21.73 139.033

Deleted 0 0.00 0.000

Tagged 14843 21.73 139.033

Other 0 0.00 0.000

Rejected by NRS 53454 78.27 N/A

Rejected by IP Profiler 0 0.00 N/A

Top 10 Spam RecipientsRecipient Total Message Count Total Spam Msgs Spam Msgs % Spam Size (MB) Spam Size %

1diretoria@uem.com.br 498 260 52.21 3.809 14.922claudia.santos@uem.com.br 283 211 74.56 3.333 16.643jamily.fazza@uem.com.br 387 203 52.45 3.107 27.804uem@uem.com.br 238 202 84.87 4.020 42.365angelo.navarro@uem.com.br 461 201 43.60 1.235 2.406comercial@uem.com.br 321 200 62.31 4.061 10.467kiko.schlinz@uem.com.br 388 189 48.71 2.411 3.878evandro.rodrigo@uem.com.br 234 186 79.49 2.015 20.989informatica@uem.com.br 579 162 27.98 2.901 26.75

10angelo@uem.com.br 196 161 82.14 1.126 25.38

Virus and Malicious Code Summary

Detections Message %

Total detections 59 100.00

Messages deleted 0 0.00

Messages quarantined 59 100.00

Attachments cleaned 0 0.00

Messages with attachments deleted 59 100.00

Messages blocked by IP Profiler 0 0.00

Top 10 Virus and Malicious Code Detections1TROJ_BREDO.CI 402TROJ_OFICLA.AI 173Possible_Virus 14JS_NIMDA.A-2 15N/A 06N/A 07N/A 08N/A 09N/A 0

10N/A 0

Top 10 Virus RecipientsRecipient Total Message Count Total Virus Msgs Virus Msgs % Virus Size (MB) Virus Size %

17ca@uem.com.br 5 3 60.00 0.201 99.162edmar.castro@uem.com.br 60 3 5.00 0.172 64.053danielle.almeida@uem.com.br 71 3 4.23 0.171 7.054amdsalves@uem.com.br 36 2 5.56 0.154 73.3253ddaniela.cardoso@uem.com.br 4 2 50.00 0.154 98.7363drrbotter@uem.com.br 8 2 25.00 0.155 79.6277s@uem.com.br 26 2 7.69 0.154 66.798kikoshinz@uem.com.br 3 2 66.67 0.124 97.5397szaro@uem.com.br 12 2 16.67 0.154 75.26

10dmauricio.cortes@uem.com.br 37 2 5.41 0.124 65.51

CACTI – Gráficos

Período de 11/10/2010 a 18/10/2010

UEMFS

UEMICA

UEMNOTES

UEMPRD

UEMRMSA

Nagios

Disponibilidade – últimos 7 dias

Host Service % Time OK% Time Warning

% Time Unknown

% Time Critical

% Time Undetermined

internet_embratel Rede_Ping100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%) 0.000%

link-juruti Rede_Ping93.802% (93.802%)

0.000% (0.000%)

0.000% (0.000%)

6.198% (6.198%) 0.000%

link-riocapim Rede_Ping70.241% (70.241%)

0.000% (0.000%)

0.000% (0.000%)

29.759% (29.759%) 0.000%

link-yamana Rede_Ping100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%) 0.000%

link-zambia Rede_Ping70.175% (70.175%)

0.000% (0.000%)

0.000% (0.000%)

29.825% (29.825%) 0.000%

nagios_remoto Rede_Http100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%) 0.000%

router_ciscoRede_Ping_ObrasEmbratel

100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%) 0.000%

Rede_Telnet100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%) 0.000%

router_intel Rede_Ping100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%) 0.000%

Rede_Telnet100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%) 0.000%

site_embratel Rede_Ping100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%) 0.000%

storage-119 Rede_Ping100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%) 0.000%

storage-120 Rede_Ping100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%) 0.000%

switch-3com-B Rede_Ping100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%) 0.000%

switch-3com-C Rede_Ping100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%) 0.000%

switch-3com-D Rede_Ping100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%) 0.000%

switch-3com-E Rede_Ping100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%) 0.000%

switch-3com-F Rede_Ping100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%) 0.000%

uem-adm Local_Carga100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%) 0.000%

Local_Disk_Root100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%) 0.000%

Local_Processos100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%) 0.000%

Local_Users100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%) 0.000%

Rede_Http:82100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%) 0.000%

Rede_Ping100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%) 0.000%

Rede_SSH100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%) 0.000%

uem-gw Local_Carga100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%) 0.000%

Local_Disk_Root100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%) 0.000%

Local_Disk_backup100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%) 0.000%

Local_Disk_bkpremoto

100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Local_Disk_ftp_pessoal

100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Local_Disk_ftp_public

100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Local_Disk_home_ponto

100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Local_Disk_home_restrito

100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Local_Processos 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Local_Users 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Rede_Dns 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Rede_Ftp 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Rede_Http:81 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Rede_Ping 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Rede_SSH 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Rede_Squid:3128 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

uemantspam-imss Rede_Ping 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Rede_TrendImss 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Rede_TrendPolices 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

uemap-aplicacao Rede_Ping 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

uembdc Rede_Active Directory

100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Rede_Ping 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

uembes-blackberry Rede_Http 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Rede_LotusDomino 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Rede_Ping 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

uemdev Rede_Ping 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Rede_SAP 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

uemfs-fileserver Rede_Http 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Rede_NetBios 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Rede_Ping 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

uemica-metaframe Rede_Http 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Rede_Metaframe 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Rede_Ping 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Rede_TS 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

uemmine-database Rede_Ping 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Rede_Sql 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

uemnotes-correio Rede_Https 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Rede_Ldap 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Rede_Ping 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Rede_Smtp 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

uemprd Rede_Ping 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Rede_SAP 99.752% (99.752%)

0.000% (0.000%)

0.000% (0.000%)

0.248% (0.248%)

0.000%

uemrmsa-database Rede_Oracle 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Rede_Ping 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

uemvm-vmware Rede_Ping 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

vm-isodoc Rede_Http 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Rede_Ping 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Rede_Postgresql 100.000% (100.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000% (0.000%)

0.000%

Average 99.095% (99.095%)

0.000% (0.000%)

0.000% (0.000%)

0.905% (0.905%)

0.000%

NTOP

Trend Micro - Office Scan

Update Status for Networked Computers

* itens marcados com a cor amarela possuem a mesma versão da semana anterior

Top 10 Security Risk Statistics for Networked Computers

Virus/Malware Statistics:

Virus/Malware

Name Infections

HTML_IFRAME.AUO 9226

Mal_Otorun1 3985

PE_MABEZAT.B-O 3835

Mal_Sality 1607

WORM_OTOIT.SMT 1181

TROJ_Generic.DIT 1098

TROJ_DLOADE.FF 975

TSC_GENCLEAN 941

Mal_Otorun2 891

BAT_BANKER.LEZC 781

Infected Computers

Name Detections Log

UEMMBB27 7344 View

SAFETY 4101 View

UEMMBB202 1874 View

UEMPABX 1098 View

UEMFS 690 View

UEMMBB312 431 View

UEMZMWS 361 View

UEMOP956 349 View

UEMOP952 226 View

UEMOP954 217 View

Infection Source

Name Detections

192.168.9.242\ADMINISTRADOR 70

192.168.4.12\KEILLA REGINA 35

192.168.9.38\ADMINISTRADOR 34

\\192.168.0.133\GUEST 22

\\192.168.0.131\GUEST 21

RAR-29A45523705\ROTINARC 19

192.168.9.250\ADMINISTRADOR 16

\\[fe80::c5b5:9711:6e96:4124]\Guest 16

\\UEMZMSPL\Guest 16

\\UEMZMSPL\ANONYMOUS LOGON 16

Spyware/Grayware Statistics:

Spyware/Grayware

Name Infections

GRAY_Gen 171

HKTL_ULTRASURF 74

GRAY_GEN.0Z1013S 62

CRCK_KEYGEN 33

SPYW_ARDAKEY 29

ADW_SAVENOW.BO 29

HKTL_USURF 25

GRAY_Sml 22

CRCK_JBEAN 20

ADW_WEBDIR.AC 12

Infected Computers

Name Detections Log

UEMFS 217 View

UEMICA 62 View

UEMPABX 31 View

UEMOP753 14 View

UEMMBB163 13 View

UEMOP421 13 View

UEMOP416 5 View

UEMOP755 5 View

UEMOP954 5 View

UEMMBB01 3 View