Table 100 ipsec logs – ZyXEL Communications P-660HW-T v2 User Manual


P-660HW-T v2 User’s Guide

Chapter 18 Logs


Table 99 Attack Logs (continued)

| LOG MESSAGE | DESCRIPTION |
| --- | --- |
| ip spoofing - WAN ICMP (type:%d, code:%d) | The firewall detected an ICMP IP spoofing attack on the WAN port. For type and code details, see Table 106 on page 242. |
| icmp echo: ICMP (type:%d, code:%d) | The firewall detected an ICMP echo attack. For type and code details, see Table 106 on page 242. |
| syn flood TCP | The firewall detected a TCP SYN flood attack. |
| ports scan TCP | The firewall detected a TCP port scan attack. |
| teardrop TCP | The firewall detected a TCP teardrop attack. |
| teardrop UDP | The firewall detected a UDP teardrop attack. |
| teardrop ICMP (type:%d, code:%d) | The firewall detected an ICMP teardrop attack. For type and code details, see Table 106 on page 242. |
| illegal command TCP | The firewall detected a TCP illegal command attack. |
| NetBIOS TCP | The firewall detected a TCP NetBIOS attack. |
| ip spoofing - no routing entry [TCP \| UDP \| IGMP \| ESP \| GRE \| OSPF] | The firewall classified a packet with no source routing entry as an IP spoofing attack. |
| ip spoofing - no routing entry ICMP (type:%d, code:%d) | The firewall classified an ICMP packet with no source routing entry as an IP spoofing attack. |
| vulnerability ICMP (type:%d, code:%d) | The firewall detected an ICMP vulnerability attack. For type and code details, see Table 106 on page 242. |
| traceroute ICMP (type:%d, code:%d) | The firewall detected an ICMP traceroute attack. For type and code details, see Table 106 on page 242. |

Table 100 IPSec Logs

| LOG MESSAGE | DESCRIPTION |
| --- | --- |
| Discard REPLAY packet | The router received and discarded a packet with an incorrect sequence number. |
| Inbound packet authentication failed | The router received a packet that has been altered. A third party may have altered or tampered with the packet. |
| Receive IPSec packet, but no corresponding tunnel exists | The router dropped an inbound packet whose SPI did not match any phase 2 SA. |
| Rule <%d> idle time out, disconnect | The router dropped a connection that had outbound traffic and no inbound traffic for a certain time period. You can use the "ipsec timer chk_conn" CI command to set the time period. The default value is 2 minutes. |
| WAN IP changed to <IP> | The router dropped all connections with the “MyIP” configured as “0.0.0.0” when the WAN IP address changed. |
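The Python below is an added example, not from the ZyXEL manual: it turns the message templates of Tables 99 and 100 into regular expressions and classifies log lines for triage, extracting the ICMP type/code, rule number, or new WAN IP. The category names, the optional angle brackets around `<%d>` and `<IP>`, and the timestamp prefix in the sample lines are assumptions of this example.

```python
import re
from collections import Counter

ICMP = " ICMP (type:%d, code:%d)"  # %d is the manual's placeholder
# Message text from Tables 99 and 100; the category names are this example's own.
TEMPLATES = {
    "attack": [
        "ip spoofing - WAN" + ICMP, "icmp echo:" + ICMP, "syn flood TCP",
        "ports scan TCP", "teardrop TCP", "teardrop UDP", "teardrop" + ICMP,
        "illegal command TCP", "NetBIOS TCP", "vulnerability" + ICMP,
        "traceroute" + ICMP, "ip spoofing - no routing entry" + ICMP,
        *("ip spoofing - no routing entry " + p for p in "TCP UDP IGMP ESP GRE OSPF".split()),
    ],
    "ipsec-integrity": [
        "Discard REPLAY packet", "Inbound packet authentication failed",
        "Receive IPSec packet, but no corresponding tunnel exists",
    ],
    "ipsec-state": ["Rule <%d> idle time out, disconnect", "WAN IP changed to <IP>"],
}

def compile_template(text):
    """Template -> regex: %d becomes a number, <IP> a dotted quad."""
    pat = re.escape(text).replace("\\ ", r"\s+")
    pat = pat.replace(re.escape("<%d>"), r"<?(\d+)>?")  # brackets assumed optional
    pat = pat.replace(re.escape("%d"), r"(\d+)")
    pat = pat.replace(re.escape("<IP>"), r"<?(\d{1,3}(?:\.\d{1,3}){3})>?")
    return re.compile(pat + r"(?!\w)")

RULES = [(c, t, compile_template(t)) for c, ts in TEMPLATES.items() for t in ts]

def classify(line):
    """Return (category, template, fields), or None if no table entry matches."""
    for category, template, rx in RULES:
        m = rx.search(line)
        if m:
            fields = tuple(int(g) if g.isdigit() else g for g in m.groups())
            return category, template, fields
    return None

def summarize(text):
    """Count lines per category; lines matching no entry count as 'unknown'."""
    hits = (classify(line) for line in text.splitlines())
    return Counter(h[0] if h else "unknown" for h in hits)

# Constructed sample: the timestamp prefix is an assumed format, not the device's.
SAMPLE = """2008-01-05 10:02:11 ip spoofing - WAN ICMP (type:8, code:0)
2008-01-05 10:03:40 Discard REPLAY packet
2008-01-05 10:03:41 Inbound packet authentication failed
2008-01-05 10:04:02 Rule <2> idle time out, disconnect
2008-01-05 10:06:00 message that is in neither table"""
```

Repeated `ipsec-integrity` hits (replay discards or authentication failures) on one tunnel are the entries the table's descriptions tie to altered or out-of-sequence packets, so they are the natural ones to alert on; `summarize(SAMPLE)` gives the per-category counts.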