P312 Broadband Security Gateway

Table 18-1

Log Screen

Field

Description

No.

This is the index number of the firewall log. 128 entries are available

 

numbered from 0 to 127. Once they are all used, the log will wrap around

 

and the old logs will be lost.

 

 

 

Time

This is the time the log was recorded in this

dd:mm:yy

e.g., Jan 1 0

 

format. You must configure Menu 24.10 for

hh:mm:ss

e.g., 00:00:00

 

real time; otherwise you get the time shown

 

 

 

 

in these examples.

 

 

 

 

 

 

Packet Information

This field lists packet information such as:

From and To IP addresses

 

 

 

protocol and port numbers.

 

 

 

 

 

Reason

This field states the reason for

not match

 

 

 

the log; i.e., was the rule

<1,01> dest IP

 

 

matched, not matched, or was

 

 

 

 

 

 

there an attack. The set and

This means this packet does not match

 

rule coordinates (<X, Y> where

the destination IP address in set 1, rule

 

X=1,2; Y=00~10) follow with a

1. Other reasons (instead of dest IP) are

 

simple explanation. There are

src IP, dest port, src port and protocol.

 

two policy sets; set 1 (X = 1) is

attack

 

 

 

for LAN to WAN rules and set 2

 

 

 

(X = 2) for WAN to LAN rules. Y

land

 

 

 

represents the rule in the set.

 

 

 

This is a log is for a DoS attack – in this

 

You can configure up to 10

 

rules in any set (Y = 01 to 10).

case a land attack. Other attack types

 

Rule number 00 is the default

are ip spoofing, icmp echo, icmp

 

rule.

vulnerability, NetBIOS, smtp illegal

 

 

command, traceroute, teardrop, or syn

 

 

flood. Please see section 14.1.2 and

 

 

Chapter 13 for a more detailed

 

 

discussion of what these attacks mean.

 

 

Action

This field displays whether the packet was blocked (i.e., silently discarded),

 

forwarded or neither (block, forward or none). “none” means that no action is

 

dictated by this rule.

 

 

 

Previous Page

Click this button to view the previous page in your log.

 

 

 

 

 

Refresh

Click this button to renew the log screen.

 

 

 

 

 

 

Clear

Click this button to clear all the logs.

 

 

 

 

 

Next Page

Click this button to view the next page in your log.

 

 

 

 

Help

Click this button for some HTML Help on fields in this screen.

 

 

 

 

 

 

18-2

Logs

Page 200
Image 200
ZyXEL Communications P-312 manual Jan 1, Src IP, dest port, src port and protocol, Are ip spoofing, icmp echo, icmp