Fortinet Network Device IPS User Manual

DoS sensors

Understanding the anomalies

FortiGate IPS User Guide Version 3.0 MR7
01-30007-0080-20080916

49

tcp_dst_session

If the number of concurrent TCP connections to one destination IP

address exceeds the configured threshold value, the action is

executed.

udp_flood

If the UDP traffic to one destination IP address exceeds the

configured threshold value, the action is executed. The threshold is

expressed in packets per second.

udp_scan

If the number of UDP sessions originating from one source IP

address exceeds the configured threshold value, the action is

executed. The threshold is expressed in packets per second.

udp_src_session

If the number of concurrent UDP connections from one source IP

address exceeds the configured threshold value, the action is

executed.

udp_dst_session

If the number of concurrent UDP connections to one destination IP

address exceeds the configured threshold value, the action is

executed.

icmp_flood

If the number of ICMP packets sent to one destination IP address

exceeds the configured threshold value, the action is executed.

The threshold is expressed in packets per second.

icmp_sweep

If the number of ICMP packets originating from one source IP

address exceeds the configured threshold value, the action is

executed. The threshold is expressed in packets per second.

icmp_src_session

If the number of concurrent ICMP connections from one source IP

address exceeds the configured threshold value, the action is

executed.

icmp_dst_session

If the number of concurrent ICMP connections to one destination

IP address exceeds the configured threshold value, the action is

executed.

Anomaly

Description