Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Replies 2 replies
  • Subscribers 0 subscribers
  • Views 936 views
  • Users 0 members are here
Options
Suggested

[7.250] Dashboard, todays treath status, IPS counter [CONFIRMED]

Agadoo
The IPS counter does not count ICMP Floddings and portscans, though the IPS Log does report a event. 


2008:07:11-07:43:31 (none) ulogd[2623]: id="2102" severity="info" sys="SecureNet" sub="ips" name="portscan detected" action="portscan" fwrule="60017" initf="eth1" dstmac="00:40:f4:bd:0d:25" srcmac="00:11:20[:D]b:c1[:D]e" srcip="91.121.99.16" dstip="213.214.19.170" proto="6" length="48" tos="0x00" prec="0x00" ttl="117" srcport="3291" dstport="5906" tcpflags="SYN"

2008:07:11-07:43:32 (none) ulogd[2623]: id="2102" severity="info" sys="SecureNet" sub="ips" name="portscan detected" action="portscan" fwrule="60017" initf="eth1" dstmac="00:40:f4:bd:0d:25" srcmac="00:11:20[:D]b:c1[:D]e" srcip="91.121.99.16" dstip="213.214.19.170" proto="6" length="48" tos="0x00" prec="0x00" ttl="117" srcport="3308" dstport="5910" tcpflags="SYN"

2008:07:11-08:33:52 (none) ulogd[2623]: id="2104" severity="info" sys="SecureNet" sub="ips" name="ICMP flood detected" action="ICMP flood" fwrule="60014" initf="eth1" dstmac="00:40:f4:bd:0d:25" srcmac="00:11:20[:D]b:c1[:D]e" srcip="212.62.64.1" dstip="213.214.19.170" proto="1" length="56" tos="0x00" prec="0x00" ttl="247" type="3" code="3"

2008:07:11-08:33:52 (none) ulogd[2623]: id="2104" severity="info" sys="SecureNet" sub="ips" name="ICMP flood detected" action="ICMP flood" fwrule="60014" initf="eth1" dstmac="00:40:f4:bd:0d:25" srcmac="00:11:20[:D]b:c1[:D]e" srcip="212.62.64.1" dstip="213.214.19.170" proto="1" length="56" tos="0x00" prec="0x00" ttl="247" type="3" code="3"

2008:07:11-08:33:52 (none) ulogd[2623]: id="2104" severity="info" sys="SecureNet" sub="ips" name="ICMP flood detected" action="ICMP flood" fwrule="60014" initf="eth1" dstmac="00:40:f4:bd:0d:25" srcmac="00:11:20[:D]b:c1[:D]e" srcip="212.62.64.1" dstip="213.214.19.170" proto="1" length="56" tos="0x00" prec="0x00" ttl="247" type="3" code="3"

2008:07:11-08:33:52 (none) ulogd[2623]: id="2104" severity="info" sys="SecureNet" sub="ips" name="ICMP flood detected" action="ICMP flood" fwrule="60014" initf="eth1" dstmac="00:40:f4:bd:0d:25" srcmac="00:11:20[:D]b:c1[:D]e" srcip="212.62.64.1" dstip="213.214.19.170" proto="1" length="56" tos="0x00" prec="0x00" ttl="247" type="3" code="3"

2008:07:11-08:38:10 (none) ulogd[2623]: id="2104" severity="info" sys="SecureNet" sub="ips" name="ICMP flood detected" action="ICMP flood" fwrule="60014" initf="eth1" dstmac="00:40:f4:bd:0d:25" srcmac="00:11:20[:D]b:c1[:D]e" srcip="212.62.64.1" dstip="213.214.19.170" proto="1" length="56" tos="0x00" prec="0x00" ttl="247" type="3" code="3"

2008:07:11-08:38:10 (none) ulogd[2623]: id="2104" severity="info" sys="SecureNet" sub="ips" name="ICMP flood detected" action="ICMP flood" fwrule="60014" initf="eth1" dstmac="00:40:f4:bd:0d:25" srcmac="00:11:20[:D]b:c1[:D]e" srcip="212.62.64.1" dstip="213.214.19.170" proto="1" length="56" tos="0x00" prec="0x00" ttl="247" type="3" code="3"

2008:07:11-08:38:11 (none) ulogd[2623]: id="2104" severity="info" sys="SecureNet" sub="ips" name="ICMP flood detected" action="ICMP flood" fwrule="60014" initf="eth1" dstmac="00:40:f4:bd:0d:25" srcmac="00:11:20[:D]b:c1[:D]e" srcip="212.62.64.1" dstip="213.214.19.170" proto="1" length="56" tos="0x00" prec="0x00" ttl="247" type="3" code="3"

2008:07:11-10:46:43 (none) ulogd[2623]: id="2104" severity="info" sys="SecureNet" sub="ips" name="ICMP flood detected" action="ICMP flood" fwrule="60014" initf="eth1" dstmac="00:40:f4:bd:0d:25" srcmac="00:11:20[:D]b:c1[:D]e" srcip="212.62.64.1" dstip="213.214.19.170" proto="1" length="56" tos="0x00" prec="0x00" ttl="247" type="3" code="3"