protocol (numerical identifier and name), application, source (logical interface name, IP
address, and port number), and destination (IP address and port number).
Type Event: This message reports an event, not an error
Severity notice
Facility LOG_PFE
ASP_SFW_SYN_DEFENSE
System Log Message syslog-prefix error-code: proto protocol-id (protocol-name),
source-interface-nameseparatorsource-address:source-port ->
destination-addressdestination-port, event-type
Description The stateful firewall discarded the packet with the indicated characteristics, because
the Transmission Control Protocol (TCP) handshake that is used to establish a session
did not complete quickly enough. The time limit is set by the 'open-timeout' statement
at the [edit interfaces <services-interface> services-options] hierarchy level or is four
seconds by default. The event was reported to intrusion detection services (IDS) and
can cause IDS to activate SYN cookie protection. The discarded packet contained the
indicated information about its protocol (numerical identifier and name), source (logical
interface name, IP address, and port number), and destination (IP address and port
number).
Type Event: This message reports an event, not an error
Severity notice
Facility LOG_PFE
Cause Possible causes for the handshake failure include the following: (1) sequence numbers
did not match in a SYN packet and a previous SYN packet (the second packet was not
a retransmission) (2) sequence numbers did not match in a SYN/ACK packet and a
previous SYN packet (3) either or both a SYN/ACK packet and an ACK packet did not
arrive at the firewall within the time limit.
ASP_SFW_TCP_BAD_SYN_COOKIE_RESP
System Log Message syslog-prefix error-code: proto protocol-id (protocol-name),
source-interface-nameseparatorsource-address:source-port ->
destination-addressdestination-port, event-type
Description The stateful firewall discarded the Transmission Control Protocol (TCP) ACK packet
with the indicated characteristics, either because it is the first packet in a session, or
because its sequence number did not match the sequence number in the SYN/ACK
packet that the firewall previously generated for the session. The firewall generates
SYN/ACK packets when SYN cookie protection is activated. The discarded packet
contained the indicated information about its protocol (numerical identifier and name),
source (logical interface name, IP address, and port number), and destination (IP address
and port number).
Type Event: This message reports an event, not an error
99Copyright © 2010, Juniper Networks, Inc.
Chapter 9: ASP System Log Messages
To Next Page
Loading...
Need help?
General
