Chapter 20 Logs
Table 111 Attack Logs |
|
LOG MESSAGE | DESCRIPTION |
attack [TCP UDP IGMP | The firewall detected a TCP/UDP/IGMP/ESP/GRE/OSPF attack. |
ESP GRE OSPF] |
|
attack ICMP (type:%d, | The firewall detected an ICMP attack. For type and code details, |
code:%d) | |
land [TCP UDP IGMP | The firewall detected a TCP/UDP/IGMP/ESP/GRE/OSPF land |
ESP GRE OSPF] | attack. |
land ICMP (type:%d, | The firewall detected an ICMP land attack. For type and code |
code:%d) | details, see Table 118 on page 268. |
ip spoofing - WAN [TCP | The firewall detected an IP spoofing attack on the WAN port. |
UDP IGMP ESP GRE |
|
OSPF] |
|
ip spoofing - WAN ICMP | The firewall detected an ICMP IP spoofing attack on the WAN |
(type:%d, code:%d) | port. For type and code details, see Table 118 on page 268. |
icmp echo: ICMP (type:%d, | The firewall detected an ICMP echo attack. For type and code |
code:%d) | details, see Table 118 on page 268. |
syn flood TCP | The firewall detected a TCP syn flood attack. |
ports scan TCP | The firewall detected a TCP port scan attack. |
teardrop TCP | The firewall detected a TCP teardrop attack. |
teardrop UDP | The firewall detected an UDP teardrop attack. |
teardrop ICMP (type:%d, | The firewall detected an ICMP teardrop attack. For type and code |
code:%d) | details, see Table 118 on page 268. |
illegal command TCP | The firewall detected a TCP illegal command attack. |
NetBIOS TCP | The firewall detected a TCP NetBIOS attack. |
ip spoofing - no routing | The firewall classified a packet with no source routing entry as an |
entry [TCP UDP IGMP | IP spoofing attack. |
ESP GRE OSPF] |
|
ip spoofing - no routing | The firewall classified an ICMP packet with no source routing |
entry ICMP (type:%d, | entry as an IP spoofing attack. |
code:%d) |
|
vulnerability ICMP | The firewall detected an ICMP vulnerability attack. For type and |
(type:%d, code:%d) | code details, see Table 118 on page 268. |
traceroute ICMP (type:%d, | The firewall detected an ICMP traceroute attack. For type and |
code:%d) | code details, see Table 118 on page 268. |
Table 112 IPSec Logs
LOG MESSAGE | DESCRIPTION |
Discard REPLAY packet | The router received and discarded a packet with an incorrect |
| sequence number. |
Inbound packet | The router received a packet that has been altered. A third party |
authentication failed | may have altered or tampered with the packet. |
Receive IPSec packet, | The router dropped an inbound packet for which SPI could not find a |
but no corresponding | corresponding phase 2 SA. |
tunnel exists |
|
262 |
| |
| ||
|
|
|