Fortinet Network Device IPS Manual de usuario descargar pdf (Pagina 13)

IPS overview and general configuration Monitoring the network and dealing with attacks

FortiGate IPS User Guide Version 3.0 MR7

01-30007-0080-20080916 13

Anomaly

The following log message is generated when an attack anomaly is detected:

The FortiGuard Center

The FortiGuard Center combines the knowledge base of the Fortinet technical

team into an easily searchable database. FortiGuard Center includes both virus

and attack information. Go to http://www.fortinet.com/FortiGuardCenter/.

Search for attacks in the FortiGuard Attack Encyclopedia by any of the criteria

shown in Figure 1.

Figure 1: Searching the FortiGuard Attack Encyclopedia

Type in the name or ID of the attack, or copy and paste the URL from the log

message or alert email into a browser.

Message ID: 73001

Severity: Alert

Message: attack_id=<value_attack_id> src=<ip_address> dst=<ip_address>

src_port=<port_num> dst_port=<port_num>

interface=<interface_name> src_int=<interface_name>

dst_int=<interface_name> status={clear_session | detected | dropped |

reset} proto=<protocol_num> service=<network_service>

msg="<string><[url]>"

Example: 2004-04-07 13:58:53 log_id=0420073001 type=ips subtype=anomaly

pri=alert attack_id=100663396 src=8.8.120.254 dst=11.1.1.254

src_port=2217 dst_port=25 interface=internal src_int=n/a dst_int=n/a

status=reset proto=6 service=smtp msg="anomaly: syn_flood, 100 >

threshold 10.[Reference: http://www.fortinet.com/ids/ID100663396]"

Meaning: Attack anomaly message providing the source and destination

addressing information and the attack name.

Action: Get more information about the attack and the steps to take from the

Fortinet Attack Encyclopedia in the FortiGuard Center. Copy and paste

the URL from the log message into your browser to go directly to the

signature description in the Attack Encyclopedia.

1 2 ... 8 9 10 11 12 13 14 15 16 17 18 ... 61 62

Sin comentarios

Fortinet Network Device IPS Manual de usuario Pagina 13