Description Intrusion detection services (IDS) deactivated SYN cookie protection for the indicated
destination address. IDS deactivates this protection when it learns from the stateful
firewall that the rate of certain events has returned to a level below the threshold set by
the 'threshold' statement at the [edit services ids rule <rule-name> term <term-name>
then syn-cookie] hierarchy level. The relevant events include the ones reported by the
ASP_IDS_TCP_SYN_ATTACK, ASP_SFW_SYN_DEFENSE, and ASP_SFW_TCP_SCAN
system log messages.
Type Event: This message reports an event, not an error
Severity error
Facility LOG_PFE
ASP_IDS_SYN_COOKIE_ON
System Log Message Host destination-address, SYN-COOKIE protection activated
Description Intrusion detection services (IDS) activated SYN cookie protection for the indicated
destination address, because it learned from the stateful firewall that the rate of certain
events exceeded the threshold set by the 'threshold' statement at the [edit services ids
rule <rule-name> term <term-name> then syn-cookie] hierarchy level. The events include
the ones reported by the ASP_IDS_TCP_SYN_ATTACK, ASP_SFW_SYN_DEFENSE, and
ASP_SFW_TCP_SCAN system log messages. When SYN cookie protection is activated
for a flow to a destination and the TCP handshake has not completed, the stateful firewall
generates a SYN/ACK packet for each SYN packet directed to the destination.
Type Event: This message reports an event, not an error
Severity error
Facility LOG_PFE
ASP_IDS_TCP_SYN_ATTACK
System Log Message <syslog-prefix> <error-code>: proto <protocol-id> (<protocol-name>),
<source-interface-name><separator><source-address>:<source-port> ->
<destination-address><destination-port>, <event-type>
Description The stateful firewall received the packet with the indicated characteristics and determined
that it was a duplicate Transmission Control Protocol (TCP) SYN packet (the SYN flag
was set and a SYN packet was already received for the flow to the destination). The
event was reported to intrusion detection services (IDS) and can cause IDS to activate
SYN cookie protection. The packet contained the indicated information about its protocol
(numerical identifier and name), source (logical interface name, IP address, and port
number), and destination (IP address and port number).
Type Event: This message reports an event, not an error
Severity error
Facility LOG_PFE
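The following is an added example, not part of the Junos reference: it correlates the three messages above by pairing activation and deactivation lines per destination, to measure how long SYN cookie protection stayed on, and by counting duplicate-SYN events per destination. The sample lines, their timestamp/hostname/tag layout, the ASP_IDS_SYN_COOKIE_OFF tag with its "deactivated" wording, the address:port form, and the event-type text are constructed assumptions.

```python
import re
from datetime import datetime

# Constructed sample lines, not real device output. Assumed layout:
# "<ISO timestamp> <hostname> <TAG>: <message text>". The OFF tag, the
# "deactivated" wording, the address:port form and "duplicate SYN" are assumptions.
SAMPLE_LOG = """\
2010-08-01T10:00:01 r1 ASP_IDS_TCP_SYN_ATTACK: proto 6 (TCP), ge-0/0/0.0:198.51.100.7:40001 -> 192.0.2.10:80, duplicate SYN
2010-08-01T10:00:02 r1 ASP_IDS_TCP_SYN_ATTACK: proto 6 (TCP), ge-0/0/0.0:198.51.100.8:40002 -> 192.0.2.10:80, duplicate SYN
2010-08-01T10:00:03 r1 ASP_IDS_SYN_COOKIE_ON: Host 192.0.2.10, SYN-COOKIE protection activated
2010-08-01T10:04:03 r1 ASP_IDS_SYN_COOKIE_OFF: Host 192.0.2.10, SYN-COOKIE protection deactivated
2010-08-01T10:09:00 r1 ASP_IDS_SYN_COOKIE_ON: Host 192.0.2.20, SYN-COOKIE protection activated
"""

LINE = re.compile(r"^(\S+) \S+ (ASP_IDS_\w+): (.*)$")
HOST = re.compile(r"Host (\S+), SYN-COOKIE protection (activated|deactivated)")
DEST = re.compile(r"-> (\d{1,3}(?:\.\d{1,3}){3})")  # IPv4 destination address only


def protection_windows(log_text):
    """Return (closed windows, destinations still protected, duplicate-SYN counts)."""
    windows, active, syn_counts = [], {}, {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not an ASP_IDS_* line in the assumed layout
        ts, tag, msg = datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)
        if tag == "ASP_IDS_TCP_SYN_ATTACK":
            d = DEST.search(msg)
            if d:
                syn_counts[d.group(1)] = syn_counts.get(d.group(1), 0) + 1
            continue
        h = HOST.search(msg)
        if not h:
            continue
        dest, state = h.groups()
        if state == "activated":
            active.setdefault(dest, ts)  # keep the earliest ON if it repeats
        elif dest in active:  # an OFF with no prior ON (rotated log) is skipped
            start = active.pop(dest)
            windows.append((dest, (ts - start).total_seconds()))
    return windows, sorted(active), syn_counts


if __name__ == "__main__":
    print(protection_windows(SAMPLE_LOG))
```

Destinations returned in the second element had protection activated with no matching deactivation in the log, which means the event rate had not yet dropped below the configured threshold when the log ended.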
Copyright © 2010, Juniper Networks, Inc.
Junos 10.3 System Log Messages Reference