DoS sensors | Understanding the anomalies

| Anomaly | Description |
|---|---|
| tcp_dst_session | If the number of concurrent TCP connections to one destination IP address exceeds the configured threshold value, the action is executed. |
| udp_flood | If the UDP traffic to one destination IP address exceeds the configured threshold value, the action is executed. The threshold is expressed in packets per second. |
| udp_scan | If the number of UDP sessions originating from one source IP address exceeds the configured threshold value, the action is executed. The threshold is expressed in packets per second. |
| udp_src_session | If the number of concurrent UDP connections from one source IP address exceeds the configured threshold value, the action is executed. |
| udp_dst_session | If the number of concurrent UDP connections to one destination IP address exceeds the configured threshold value, the action is executed. |
| icmp_flood | If the number of ICMP packets sent to one destination IP address exceeds the configured threshold value, the action is executed. The threshold is expressed in packets per second. |
| icmp_sweep | If the number of ICMP packets originating from one source IP address exceeds the configured threshold value, the action is executed. The threshold is expressed in packets per second. |
| icmp_src_session | If the number of concurrent ICMP connections from one source IP address exceeds the configured threshold value, the action is executed. |
| icmp_dst_session | If the number of concurrent ICMP connections to one destination IP address exceeds the configured threshold value, the action is executed. |

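The anomalies in this table differ along two axes: whether traffic is counted per source or per destination address, and whether the threshold is a packets-per-second rate or a number of concurrent sessions. The following sketch is an added example, not FortiGate code; it models that keying over constructed sample traffic, and the function name, data layout, thresholds, and the treatment of udp_scan as a per-source packet rate are assumptions made for illustration.

```python
from collections import Counter

# Anomaly -> (protocol, address it is keyed on, metric), as read from the table.
# The evaluation below is an illustrative model, not the FortiGate implementation.
ANOMALIES = {
    "tcp_dst_session":  ("tcp",  "dst", "sessions"),
    "udp_flood":        ("udp",  "dst", "pps"),
    "udp_scan":         ("udp",  "src", "pps"),
    "udp_src_session":  ("udp",  "src", "sessions"),
    "udp_dst_session":  ("udp",  "dst", "sessions"),
    "icmp_flood":       ("icmp", "dst", "pps"),
    "icmp_sweep":       ("icmp", "src", "pps"),
    "icmp_src_session": ("icmp", "src", "sessions"),
    "icmp_dst_session": ("icmp", "dst", "sessions"),
}

def evaluate(packets, sessions, thresholds):
    """Return sorted (anomaly, ip, observed) tuples that exceed their threshold.

    packets:  iterable of (second, proto, src, dst), one entry per packet
    sessions: iterable of (proto, src, dst), one entry per open session
    """
    per_sec = Counter()   # (proto, field, ip, second) -> packets in that second
    for sec, proto, src, dst in packets:
        per_sec[(proto, "src", src, sec)] += 1
        per_sec[(proto, "dst", dst, sec)] += 1
    peak = Counter()      # (proto, field, ip) -> highest one-second packet count
    for (proto, field, ip, _sec), n in per_sec.items():
        peak[(proto, field, ip)] = max(peak[(proto, field, ip)], n)
    conc = Counter()      # (proto, field, ip) -> concurrent sessions
    for proto, src, dst in sessions:
        conc[(proto, "src", src)] += 1
        conc[(proto, "dst", dst)] += 1
    hits = []
    for name, limit in thresholds.items():
        proto, field, metric = ANOMALIES[name]
        table = peak if metric == "pps" else conc
        for (p, f, ip), observed in table.items():
            if p == proto and f == field and observed > limit:  # "exceeds"
                hits.append((name, ip, observed))
    return sorted(hits)

# Constructed sample: one host pings six addresses within one second, and
# four clients each hold one UDP session to the same server.
PACKETS = [(0, "icmp", "192.0.2.10", f"198.51.100.{i}") for i in range(1, 7)]
SESSIONS = [("udp", f"192.0.2.{i}", "203.0.113.5") for i in range(1, 5)]
THRESHOLDS = {"icmp_sweep": 5, "icmp_flood": 5,
              "udp_src_session": 3, "udp_dst_session": 3}
```

With this sample, only the source-keyed icmp_sweep and the destination-keyed udp_dst_session fire; the same traffic stays under icmp_flood and udp_src_session because no single destination or source crosses the limit.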
FortiGate IPS User Guide Version 3.0 MR7