Chapter 25 Logs Screens
Table 150 Attack Logs (continued)
LOG MESSAGE | DESCRIPTION |
ip spoofing - WAN [ TCP | The firewall detected an IP spoofing attack on the WAN port. |
UDP IGMP ESP GRE |
|
OSPF ] |
|
ip spoofing - WAN ICMP | The firewall detected an ICMP IP spoofing attack on the WAN |
(type:%d, code:%d) | port. |
icmp echo : ICMP | The firewall detected an ICMP echo attack. |
(type:%d, code:%d) |
|
syn flood TCP | The firewall detected a TCP syn flood attack. |
ports scan TCP | The firewall detected a TCP port scan attack. |
teardrop TCP | The firewall detected a TCP teardrop attack. |
teardrop UDP | The firewall detected an UDP teardrop attack. |
teardrop ICMP (type:%d, | The firewall detected an ICMP teardrop attack. |
code:%d) |
|
illegal command TCP | The firewall detected a TCP illegal command attack. |
NetBIOS TCP | The firewall detected a TCP NetBIOS attack. |
ip spoofing - no routing | The firewall classified a packet with no source routing entry as an |
entry [ TCP UDP IGMP | IP spoofing attack. |
ESP GRE OSPF ] |
|
ip spoofing - no routing | The firewall classified an ICMP packet with no source routing |
entry ICMP (type:%d, | entry as an IP spoofing attack. |
code:%d) |
|
vulnerability ICMP | The firewall detected an ICMP vulnerability attack. |
(type:%d, code:%d) |
|
traceroute ICMP (type:%d, | The firewall detected an ICMP traceroute attack. |
code:%d) |
|
ports scan UDP | The firewall detected a UDP port scan attack. |
Firewall sent TCP packet | The firewall sent TCP packet in response to a DoS attack |
in response to DoS attack |
|
TCP |
|
ICMP Source Quench ICMP | The firewall detected an ICMP Source Quench attack. |
ICMP Time Exceed ICMP | The firewall detected an ICMP Time Exceed attack. |
ICMP Destination | The firewall detected an ICMP Destination Unreachable attack. |
Unreachable ICMP |
|
ping of death. ICMP | The firewall detected an ICMP ping of death attack. |
smurf ICMP | The firewall detected an ICMP smurf attack. |
IP address in FTP port | The IP address in an FTP port command is different from the |
command is different from | client IP address. It may be a bounce attack. |
the client IP address. It |
|
maybe a bounce attack. |
|
Fragment packet size is | The fragment packet size is smaller than the MTU size of output |
smaller than the MTU size | interface. |
of output interface. |
|
436 |
| |
ZyWALL 2 Plus User’s Guide |
| |
|
|
|