beautypg.com

Table 99 ipsec logs table 100 ike logs – ZyXEL Communications NBG420N User Manual

Page 242

background image

Chapter 21 Logs

NBG420N User’s Guide

242

teardrop UDP

The firewall detected an UDP teardrop attack.

teardrop ICMP (type:%d,
code:%d)

The firewall detected an ICMP teardrop attack. For type and code

details, see

Table 104 on page 247

.

illegal command TCP

The firewall detected a TCP illegal command attack.

NetBIOS TCP

The firewall detected a TCP NetBIOS attack.

ip spoofing - no routing
entry [TCP | UDP | IGMP |
ESP | GRE | OSPF]

The firewall classified a packet with no source routing entry as an

IP spoofing attack.

ip spoofing - no routing
entry ICMP (type:%d,
code:%d)

The firewall classified an ICMP packet with no source routing

entry as an IP spoofing attack.

vulnerability ICMP
(type:%d, code:%d)

The firewall detected an ICMP vulnerability attack. For type and

code details, see

Table 104 on page 247

.

traceroute ICMP (type:%d,
code:%d)

The firewall detected an ICMP traceroute attack. For type and

code details, see

Table 104 on page 247

.

Table 99 IPSec Logs

LOG MESSAGE

DESCRIPTION

Discard REPLAY packet

The router received and discarded a packet with an incorrect

sequence number.

Inbound packet
authentication failed

The router received a packet that has been altered. A third party may

have altered or tampered with the packet.

Receive IPSec packet,
but no corresponding
tunnel exists

The router dropped an inbound packet for which SPI could not find a

corresponding phase 2 SA.

Rule <%d> idle time out,
disconnect

The router dropped a connection that had outbound traffic and no

inbound traffic for a certain time period. You can use the "ipsec timer

chk_conn" CI command to set the time period. The default value is 2

minutes.

WAN IP changed to

The router dropped all connections with the “MyIP” configured as

“0.0.0.0” when the WAN IP address changed.

Table 100 IKE Logs

LOG MESSAGE

DESCRIPTION

Active connection allowed
exceeded

The IKE process for a new connection failed because the limit

of simultaneous phase 2 SAs has been reached.

Start Phase 2: Quick Mode

Phase 2 Quick Mode has started.

Verifying Remote ID failed:

The connection failed during IKE phase 2 because the router

and the peer’s Local/Remote Addresses don’t match.

Table 98 Attack Logs (continued)

LOG MESSAGE

DESCRIPTION

See also other documents in the category ZyXEL Communications Hardware: