WSM Reference Guide - WatchGuard Technologies
Alarm Logs
Denial of Service (DoS) Alarms
Default Name: Port-Scan
Message Format: alarm_name detected. message_string.
Example Message: Port-Scan detected. Port scan threshold 300 reached, 300 ports scanned by 192.168.228.226 in 10 seconds.
Caused By: These alarms are triggered by Port Space Probe attacks.

Default Name: IP-Scan
Message Format: alarm_name detected. message_string.
Example Message: IP-Scan detected. IP scan threshold 300 reached, 300 IPs scanned by 192.168.228.226 in 10 seconds.
Caused By: These alarms are triggered by Address Space Probe attacks.

Default Name: IP-Spoofing
Message Format: alarm_name detected. message_string.
Example Message: IP-Spoofing detected. IP source spoofing detected, src_intf=30, src_ip=192.168.228.226.
Caused By: These alarms are triggered by IP Spoofing attacks.

Default Name: Tear-Drop
Message Format: alarm_name detected. TEAR-DROP attack detected on interface interface_number.
Example Message: Tear-Drop detected. TEAR-DROP attack detected on interface 1.
Caused By: These alarms are triggered by Tear-Drop attacks.

Traffic Alarms

Default Name: Traffic
Message Format: alarm_name detected, message_string.
Example Message: NOTE: The content of this alarm message is based on what traffic event triggered the alarm. See the examples below.
Caused By: These alarms are triggered by any traffic events.

Default Name: ESP-Auth-Error
Message Format: alarm_name detected. ESP Authentication error, policy_id=policy_id_number, local_ip=local_IP_address, peer_ip=peer_IP_address, spi=spi, sa_id=ID_of_SA, interface=interface_number, the first (x) bytes are list_of_first x number of bytes.
Example Message: ESP-Auth-Error detected. ESP Authentication error, policy_id=2, local_ip=10.10.10.10, peer_ip=192.168.228.226, spi=12345678, sa_id=1000, interface=1, the first 80 bytes are A0 B1 C2.........
Caused By: These alarms are triggered by the traffic event “ESP-AUTH_ERR”.

Default Name: AH-Auth-Error
Message Format: alarm_name detected. AH Authentication error, policy_id=policy_id_number, local_ip=local_IP_address, peer_ip=peer_IP_address, spi=spi, sa_id=ID_of_SA, interface=interface_number, the first (x) bytes are list_of_first x number of bytes.
Example Message: AH-Auth-Error detected. AH Authentication error, policy_id=2, local_ip=10.10.10.10, peer_ip=192.168.228.226, spi=12345678, sa_id=1000, interface=1, the first 80 bytes are A0 B1 C2.........
Caused By: These alarms are triggered by the traffic event “AH_AUTH_ERR”.