2.28.9. igmp_query_received (ID: 04200010)
Default Severity
Log Message
Rule <name> <action> IGMP Query about group <grp> and source
<src> at interface <if> from router <rip>. Group <grp> is translated
into <sgrp> and source <src> into <ssrc>.
Explanation
Got IGMP Query.
Gateway Action
allow
Recommended Action
None.
Revision
1
Parameters
if
rip
igmpver
grp
src
sgrp
ssrc
name
action
2.28.10. bad_src (ID: 04200011)
Default Severity
Log Message
Rule <name> drops multicast sender <src> (SAT'ed into <sats>) in
group <grp> (SAT'ed into <satg>) specific IGMP Query at interface
<iface>.
Explanation
This is most likely a faulty IGMP configuration, but may also indicate
faulty software on the network. Under special circumstances this
could be an active attempt to scan the network for information.
Gateway Action
drop
Recommended Action
Specifically check your IGMP ruleset for incorrect SAT information
(IGMP support requires at least one "REPORT" (Member Report) rule
and one matching "QUERY" rule). Make sure both multicast groups
and source addresses map one-to-one between Member Reports
and Queries. Finally check the network for for other anomalies that
could indicate broken equipment or installed "spyware".
Revision
1
Parameters
name
src
grp
sats
satg
iface
Chapter 2: Log Message Reference
310
Summary of Contents for NetDefend DFL-260E
Page 32: ...List of Tables 1 Abbreviations 35 32...
Page 33: ...List of Examples 1 Log Message Parameters 34 2 Conditional Log Message Parameters 34 33...
Page 42: ...routemetric Route metric cost Chapter 1 Introduction 42...
Page 44: ...Chapter 1 Introduction 44...
Page 216: ...Rule Information Connection Chapter 2 Log Message Reference 216...
Page 243: ...client_ip Context Parameters Rule Name Packet Buffer Chapter 2 Log Message Reference 243...
Page 556: ...logger Chapter 2 Log Message Reference 556...
Page 613: ...Parameters location Chapter 2 Log Message Reference 613...