Lancom Systems LCOS 3.50 User Manual


Chapter 8: Firewall

LANCOM Reference Manual LCOS 3.50


FROM: [email protected]

TO: [email protected]

SUBJECT: packet filtered

Date: 9/24/2002 15:06:46

The packet below

Src: 10.0.0.37:4353 {cs2} Dst: 192.168.200.10:80 {ntserver} (TCP)

45 00 00 2c ed 50 40 00 80 06 7a a3 0a 00 00 25 | E..,.P@...z....%

c0 a8 c8 0a 11 01 00 50 00 77 5e d4 00 00 00 00 | .......P.w^.....

60 02 20 00 74 b2 00 00 02 04 05 b4 | `. .t... ....

matched this filter rule: BLOCKHTTP

and exceeded this limit: more than 0 packets transmitted or received on a connection

because of this the actions below were performed:

drop

block source address for 1 minutes

send syslog message

send SNMP trap

send email to administrator
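
When triaging such a notification it helps to decode the raw bytes and confirm that they agree with the Src/Dst summary line. The following Python sketch is an added example, not part of the LANCOM manual; the function names are hypothetical, and it handles only IPv4/TCP dumps like the one shown above.

```python
import struct
from ipaddress import IPv4Address

# Hex bytes copied from the dump in the notification e-mail above.
DUMP = """
45 00 00 2c ed 50 40 00 80 06 7a a3 0a 00 00 25
c0 a8 c8 0a 11 01 00 50 00 77 5e d4 00 00 00 00
60 02 20 00 74 b2 00 00 02 04 05 b4
"""

TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # bit 0 .. bit 5

def checksum_ok(data: bytes) -> bool:
    """RFC 1071: the one's-complement sum over a valid header is 0xFFFF."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def decode(dump: str) -> dict:
    pkt = bytes.fromhex("".join(dump.split()))
    ihl = (pkt[0] & 0x0F) * 4                    # IPv4 header length in bytes
    total_len, = struct.unpack("!H", pkt[2:4])
    proto, src, dst = pkt[9], pkt[12:16], pkt[16:20]
    if pkt[0] >> 4 != 4 or proto != 6:
        raise ValueError("not an IPv4/TCP packet")
    tcp = pkt[ihl:total_len]
    sport, dport = struct.unpack("!HH", tcp[:4])
    flags = [n for i, n in enumerate(TCP_FLAGS) if tcp[13] >> i & 1]
    # The TCP checksum also covers a pseudo-header:
    # source, destination, zero byte, protocol, TCP segment length.
    pseudo = src + dst + struct.pack("!BBH", 0, proto, len(tcp))
    return {
        "src": f"{IPv4Address(src)}:{sport}",
        "dst": f"{IPv4Address(dst)}:{dport}",
        "flags": flags,
        "ip_checksum_ok": checksum_ok(pkt[:ihl]),
        "tcp_checksum_ok": checksum_ok(pseudo + tcp),
        "captured_all": len(pkt) == total_len,   # dump holds the whole packet
    }

if __name__ == "__main__":
    for key, value in decode(DUMP).items():
        print(f"{key:16} {value}")
```

For the dump above, the decoded packet is a single TCP SYN from 10.0.0.37:4353 to 192.168.200.10:80 with valid IP and TCP checksums, which is consistent with the BLOCKHTTP rule dropping the first packet of the connection.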

Notification by SNMP trap

If sending SNMP traps has been activated as a notification method (see also ’Configuration using SNMP’, page 20), the first line of the logging table is sent as enterprise-specific trap 26. This trap additionally contains the system descriptor and the system name from MIB-2.

For the example above, the following trap is produced:

SNMP: SNMPv1; community = public; SNMPv1 Trap; Length = 443 (0x1BB)

SNMP: Message type = SNMPv1

SNMP: Version = 1 (0x0)

SNMP: Community = public

SNMP: PDU type = SNMPv1 Trap

SNMP: Enterprise = 1.3.6.1.4.1.2356.400.1.6021

SNMP: Agent IP address = 10.0.0.43
