User's Manual

ManualsBrandsZyXEL ManualsNetworking4-Port

411

412

413

414

415

416

417

418

419

420

Appendix I Log Descriptions

P-793H User’s Guide

416

ip spoofing - WAN [TCP |

UDP | IGMP | ESP | GRE |

OSPF]

The firewall detected an IP spoofing attack on the WAN port.

ip spoofing - WAN ICMP

(type:%d, code:%d)

The firewall detected an ICMP IP spoofing attack on the WAN

port. For type and code details, see Table 167 on page 422.

icmp echo: ICMP (type:%d,

code:%d)

The firewall detected an ICMP echo attack. For type and code

details, see Table 167 on page 422.

syn flood TCP The firewall detected a TCP syn flood attack.

ports scan TCP The firewall detected a TCP port scan attack.

teardrop TCP The firewall detected a TCP teardrop attack.

teardrop UDP The firewall detected an UDP teardrop attack.

teardrop ICMP (type:%d,

code:%d)

The firewall detected an ICMP teardrop attack. For type and code

details, see Table 167 on page 422.

illegal command TCP The firewall detected a TCP illegal command attack.

NetBIOS TCP The firewall detected a TCP NetBIOS attack.

ip spoofing - no routing

entry [TCP | UDP | IGMP |

ESP | GRE | OSPF]

The firewall classified a packet with no source routing entry as an

IP spoofing attack.

ip spoofing - no routing

entry ICMP (type:%d,

code:%d)

The firewall classified an ICMP packet with no source routing

entry as an IP spoofing attack.

vulnerability ICMP

(type:%d, code:%d)

The firewall detected an ICMP vulnerability attack. For type and

code details, see Table 167 on page 422.

traceroute ICMP (type:%d,

code:%d)

The firewall detected an ICMP traceroute attack. For type and

code details, see Table 167 on page 422.

Table 161 IPSec Logs

LOG MESSAGE DESCRIPTION

Discard REPLAY packet The router received and discarded a packet with an incorrect

sequence number.

Inbound packet

authentication failed

The router received a packet that has been altered. A third party

may have altered or tampered with the packet.

Receive IPSec packet,

but no corresponding

tunnel exists

The router dropped an inbound packet for which SPI could not find a

corresponding phase 2 SA.

Rule <%d> idle time

out, disconnect

The router dropped a connection that had outbound traffic and no

inbound traffic for a certain time period. You can use the "ipsec timer

chk_conn" CI command to set the time period. The default value is 2

minutes.

WAN IP changed to <IP> The router dropped all connections with the “MyIP” configured as

“0.0.0.0” when the WAN IP address changed.

Table 160 Attack Logs (continued)

LOG MESSAGE DESCRIPTION