Chapter 8: Firewall LANCOM Reference Manual LCOS 3.50
FROM: LANCOM_Firewall@MyCompany.com
TO: Administrator@MyCompany.com
SUBJECT: packet filtered
Date: 9/24/2002 15:06:46
The packet below
Src: 10.0.0.37:4353 {cs2} Dst: 192.168.200.10:80 {ntserver} (TCP)
45 00 00 2c ed 50 40 00 80 06 7a a3 0a 00 00 25 | E..,.P@. ..z....%
c0 a8 c8 0a 11 01 00 50 00 77 5e d4 00 00 00 00 | .......P .w^.....
60 02 20 00 74 b2 00 00 02 04 05 b4 | `. .t... ....
matched this filter rule: BLOCKHTTP
and exceeded this limit: more than 0 packets transmitted or received on a connection
because of this the actions below were performed:
drop
block source address for 1 minutes
send syslog message
send SNMP trap
send email to administrator
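The hex dump in the notification e-mail is the start of the filtered packet (IPv4 header followed by the TCP header), so it can be decoded and compared with the Src/Dst summary line during triage. The following Python code is an added example, not part of the LANCOM manual or of LCOS; the function names are hypothetical and it assumes each dump row sits on one line with the hex column left of the '|'.

```python
import re
import socket
import struct

# Excerpt of the sample notification e-mail shown above (dump rows rejoined).
ALERT = """\
Src: 10.0.0.37:4353 {cs2} Dst: 192.168.200.10:80 {ntserver} (TCP)
45 00 00 2c ed 50 40 00 80 06 7a a3 0a 00 00 25 | E..,.P@. ..z....%
c0 a8 c8 0a 11 01 00 50 00 77 5e d4 00 00 00 00 | .......P .w^.....
60 02 20 00 74 b2 00 00 02 04 05 b4 | `. .t... ....
"""

TCP_FLAGS = ((0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG"))

def dump_to_bytes(text):
    """Collect the hex column (left of '|') of every dump row."""
    rows = [l.split("|", 1)[0] for l in text.splitlines() if "|" in l]
    return bytes.fromhex(" ".join(rows))

def ip_header_checksum_ok(header):
    """The one's-complement sum over an intact IPv4 header is 0xFFFF."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def decode(packet):
    """Decode the IPv4 and TCP header fields of the dumped packet."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[0] >> 4 != 4 or packet[9] != 6 or len(packet) < ihl + 20:
        raise ValueError("dump does not hold a full IPv4/TCP header")
    sport, dport, _seq, _ack, off_flags, window = struct.unpack(
        "!HHIIHH", packet[ihl:ihl + 16])
    return {
        "src": "%s:%d" % (socket.inet_ntoa(packet[12:16]), sport),
        "dst": "%s:%d" % (socket.inet_ntoa(packet[16:20]), dport),
        "ttl": packet[8],
        "total_length": struct.unpack("!H", packet[2:4])[0],
        "flags": [name for bit, name in TCP_FLAGS if off_flags & bit],
        "window": window,
        "checksum_ok": ip_header_checksum_ok(packet[:ihl]),
    }

def matches_summary(text):
    """Check that the 'Src:/Dst:' line agrees with the dumped headers."""
    m = re.search(r"Src: (\S+) .*?Dst: (\S+)", text)
    f = decode(dump_to_bytes(text))
    return bool(m) and (m.group(1), m.group(2)) == (f["src"], f["dst"])
```

For the sample e-mail, the dump decodes to a 44-byte TCP SYN from 10.0.0.37:4353 to 192.168.200.10:80 with a valid IP header checksum, which agrees with the summary line.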
Notification by SNMP trap
If sending SNMP traps has been activated as a notification method (see also
'Configuration using SNMP' → page 20), the first line of the logging
table is sent as enterprise-specific trap 26. This trap additionally contains
the system descriptor and the system name from MIB-2.
For the example above, the following trap is produced:
SNMP: SNMPv1; community = public; SNMPv1 Trap; Length = 443 (0x1BB)
SNMP: Message type = SNMPv1
SNMP: Version = 1 (0x0)
SNMP: Community = public
SNMP: PDU type = SNMPv1 Trap
SNMP: Enterprise = 1.3.6.1.4.1.2356.400.1.6021
SNMP: Agent IP address = 10.0.0.43