20.02.2014

WSM Reference Guide - WatchGuard Technologies


Alarm Logs

Denial of Service (DoS) Alarms

Default Name: Port-Scan
Message Format: alarm_name detected. message_string.
Example Message: Port-Scan detected. Port scan threshold 300 reached, 300 ports scanned by 192.168.228.226 in 10 seconds.
Caused By: These alarms are triggered by Port Space Probe attacks.

Default Name: IP-Scan
Message Format: alarm_name detected. message_string.
Example Message: IP-Scan detected. IP scan threshold 300 reached, 300 IPs scanned by 192.168.228.226 in 10 seconds.
Caused By: These alarms are triggered by Address Space Probe attacks.

Default Name: IP-Spoofing
Message Format: alarm_name detected. message_string.
Example Message: IP-Spoofing detected. IP source spoofing detected, src_intf=30, src_ip=192.168.228.226.
Caused By: These alarms are triggered by IP Spoofing attacks.

Default Name: Tear-Drop
Message Format: alarm_name detected. TEAR-DROP attack detected on interface interface_number.
Example Message: Tear-Drop detected. TEAR-DROP attack detected on interface 1.
Caused By: These alarms are triggered by Tear-Drop attacks.

Traffic Alarms

Default Name: Traffic
Message Format: alarm_name detected, message_string.
Example Message: NOTE: The content of this alarm message is based on what traffic event triggered the alarm. See the examples below.
Caused By: These alarms are triggered by any traffic events.

Default Name: ESP-Auth-Error
Message Format: alarm_name detected. ESP Authentication error, policy_id=policy_id_number, local_ip=local_IP_address, peer_ip=peer_IP_address, spi=spi, sa_id=ID_of_SA, interface=interface_number, the first (x) bytes are list_of_first x number of bytes.
Example Message: ESP-Auth-Error detected. ESP Authentication error, policy_id=2, local_ip=10.10.10.10, peer_ip=192.168.228.226, spi=12345678, sa_id=1000, interface=1, the first 80 bytes are A0 B1 C2.........
Caused By: These alarms are triggered by the traffic event “ESP-AUTH_ERR”.

Default Name: AH-Auth-Error
Message Format: alarm_name detected. AH Authentication error, policy_id=policy_id_number, local_ip=local_IP_address, peer_ip=peer_IP_address, spi=spi, sa_id=ID_of_SA, interface=interface_number, the first (x) bytes are list_of_first x number of bytes.
Example Message: AH-Auth-Error detected. AH Authentication error, policy_id=2, local_ip=10.10.10.10, peer_ip=192.168.228.226, spi=12345678, sa_id=1000, interface=1, the first 80 bytes are A0 B1 C2.........
Caused By: These alarms are triggered by the traffic event “AH_AUTH_ERR”.
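The message formats above are regular enough to turn into structured fields for triage. The following is an added example, not code from WatchGuard or from this guide: the regular expressions are derived only from the example messages on this page, the names parse_alarm and offending_ip are hypothetical, and the input is assumed to be the alarm message text alone, with any syslog or timestamp prefix already stripped.

```python
import re

# Constructed sample lines, copied from the example messages in the tables above.
SAMPLES = [
    "Port-Scan detected. Port scan threshold 300 reached, 300 ports scanned by 192.168.228.226 in 10 seconds.",
    "IP-Scan detected. IP scan threshold 300 reached, 300 IPs scanned by 192.168.228.226 in 10 seconds.",
    "IP-Spoofing detected. IP source spoofing detected, src_intf=30, src_ip=192.168.228.226.",
    "Tear-Drop detected. TEAR-DROP attack detected on interface 1.",
    "ESP-Auth-Error detected. ESP Authentication error, policy_id=2, local_ip=10.10.10.10, "
    "peer_ip=192.168.228.226, spi=12345678, sa_id=1000, interface=1, "
    "the first 80 bytes are A0 B1 C2.........",
]

# "alarm_name detected." (DoS, ESP, AH) or "alarm_name detected," (Traffic format).
HEAD = re.compile(r"^(?P<alarm>[\w-]+) detected[.,]\s*(?P<body>.*)$", re.S)
SCAN = re.compile(r"threshold (?P<threshold>\d+) reached, (?P<count>\d+) (?:ports|IPs) "
                  r"scanned by (?P<src_ip>\S+) in (?P<seconds>\d+) seconds")
KV = re.compile(r"(\w+)=([^,\s]+)")          # src_intf=30, peer_ip=..., spi=...
IFACE = re.compile(r"on interface (\d+)")    # Tear-Drop wording
BYTES = re.compile(r"the first (\d+) bytes are\s+((?:[0-9A-Fa-f]{2}\s*)+)")

def parse_alarm(line):
    """Return a dict of fields for one alarm message, or None if it is not an alarm."""
    m = HEAD.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    event = {"alarm": m.group("alarm")}
    scan = SCAN.search(body)
    if scan:
        event.update({k: int(v) if v.isdigit() else v for k, v in scan.groupdict().items()})
    for key, value in KV.findall(body):
        event[key] = value.rstrip(".")       # drop the sentence-ending period
    iface = IFACE.search(body)
    if iface:
        event["interface"] = iface.group(1)
    dump = BYTES.search(body)
    if dump:
        event["dump_len"] = int(dump.group(1))
        event["dump_prefix"] = bytes.fromhex("".join(dump.group(2).split()))
    return event

def offending_ip(event):
    """Address the alarm names: scanner, claimed (possibly spoofed) source, or IPSec peer."""
    return event.get("src_ip") or event.get("peer_ip")

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_alarm(sample))
```

For IP-Spoofing alarms the src_ip field is the address the packet claimed, so it identifies the spoofed address rather than the sender.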

Reference Guide 39
