Chapter 18 Logs
P-660HW-Dx User’s Guide
242
Table 104 Attack Logs
LOG MESSAGE DESCRIPTION
attack [TCP | UDP | IGMP
| ESP | GRE | OSPF]
The firewall detected a TCP/UDP/IGMP/ESP/GRE/OSPF attack.
attack ICMP (type:%d,
code:%d)
The firewall detected an ICMP attack. For type and code details,
see Table 110 on page 248.
land [TCP | UDP | IGMP |
ESP | GRE | OSPF]
The firewall detected a TCP/UDP/IGMP/ESP/GRE/OSPF land
attack.
land ICMP (type:%d,
code:%d)
The firewall detected an ICMP land attack. For type and code
details, see Table 110 on page 248.
ip spoofing - WAN [TCP |
UDP | IGMP | ESP | GRE |
OSPF]
The firewall detected an IP spoofing attack on the WAN port.
ip spoofing - WAN ICMP
(type:%d, code:%d)
The firewall detected an ICMP IP spoofing attack on the WAN
port. For type and code details, see Table 110 on page 248.
icmp echo: ICMP (type:%d,
code:%d)
The firewall detected an ICMP echo attack. For type and code
details, see Table 110 on page 248.
syn flood TCP The firewall detected a TCP syn flood attack.
ports scan TCP The firewall detected a TCP port scan attack.
teardrop TCP The firewall dete cted a TCP teardrop attack.
teardrop UDP The firewall dete cted an UDP teardrop attack.
teardrop ICMP (type:%d,
code:%d)
The firewall detected an ICMP teardrop attack. For type and code
details, see Table 110 on page 248.
illegal command TCP The firewall detected a TCP illegal command attack.
NetBIOS TCP The firewall detected a TCP NetBIOS attack.
ip spoofing - no routing
entry [TCP | UDP | IGMP |
ESP | GRE | OSPF]
The firewall classified a packet with no source routing entry as an
IP spoofing attack.
ip spoofing - no routing
entry ICMP (type:%d,
code:%d)
The firewall classified an ICMP packet with no source routing
entry as an IP spoofing attack.
vulnerability ICMP
(type:%d, code:%d)
The firewall detected an ICMP vulnerability attack. For type and
code details, see Table 110 on page 248.
traceroute ICMP (type:%d,
code:%d)
The firewall detected an ICMP traceroute attack. For type and
code details, see Table 110 on page 248.
Table 105 IPSec Logs
LOG MESSAGE DESCRIPTION
Discard REPLAY packet The router received and discarded a packet with an incorrect
sequence number.
Inbound packet
authentication failed
The router received a packet that has been altered. A third party
may have altered or tampered with the packet.
Receive IPSec packet,
but no corresponding
tunnel exists
The router dropped an inbound packet for which SPI could not find a
corresponding phase 2 SA.