beautypg.com

Table 100 ipsec logs – ZyXEL Communications P-660HW-T v2 User Manual

Page 235

background image

P-660HW-T v2 User’s Guide

Chapter 18 Logs

235

ip spoofing - WAN ICMP
(type:%d, code:%d)

The firewall detected an ICMP IP spoofing attack on the WAN port.

For type and code details, see

Table 106 on page 242

.

icmp echo: ICMP (type:%d,
code:%d)

The firewall detected an ICMP echo attack. For type and code

details, see

Table 106 on page 242

.

syn flood TCP

The firewall detected a TCP syn flood attack.

ports scan TCP

The firewall detected a TCP port scan attack.

teardrop TCP

The firewall detected a TCP teardrop attack.

teardrop UDP

The firewall detected an UDP teardrop attack.

teardrop ICMP (type:%d,
code:%d)

The firewall detected an ICMP teardrop attack. For type and code

details, see

Table 106 on page 242

.

illegal command TCP

The firewall detected a TCP illegal command attack.

NetBIOS TCP

The firewall detected a TCP NetBIOS attack.

ip spoofing - no routing
entry [TCP | UDP | IGMP |
ESP | GRE | OSPF]

The firewall classified a packet with no source routing entry as an

IP spoofing attack.

ip spoofing - no routing
entry ICMP (type:%d,
code:%d)

The firewall classified an ICMP packet with no source routing entry

as an IP spoofing attack.

vulnerability ICMP
(type:%d, code:%d)

The firewall detected an ICMP vulnerability attack. For type and

code details, see

Table 106 on page 242

.

traceroute ICMP (type:%d,
code:%d)

The firewall detected an ICMP traceroute attack. For type and

code details, see

Table 106 on page 242

.

Table 100 IPSec Logs

LOG MESSAGE

DESCRIPTION

Discard REPLAY packet

The router received and discarded a packet with an incorrect

sequence number.

Inbound packet
authentication failed

The router received a packet that has been altered. A third party may

have altered or tampered with the packet.

Receive IPSec packet,
but no corresponding
tunnel exists

The router dropped an inbound packet for which SPI could not find a

corresponding phase 2 SA.

Rule <%d> idle time out,
disconnect

The router dropped a connection that had outbound traffic and no

inbound traffic for a certain time period. You can use the "ipsec timer

chk_conn" CI command to set the time period. The default value is 2

minutes.

WAN IP changed to

The router dropped all connections with the “MyIP” configured as

“0.0.0.0” when the WAN IP address changed.

Table 99 Attack Logs (continued)

LOG MESSAGE

DESCRIPTION

See also other documents in the category ZyXEL Communications Hardware: