2.24. IDP
These log messages refer to the IDP (Intrusion Detection & Prevention events) category.
2.24.1. scan_detected (ID: 01300001)
Default Severity
Log Message
Scan detected: <description>, Signature ID=<signatureid>. ID Rule:
<idrule>. Protocol: <ipproto>. Source IP: <srcip>. Source Port:
<srcport>. Destination IP: <destip>. Destination Port: <destport>.
Internal ID: <internalid>. Closing connection.
Explanation
A scan signature mapped to the "protect" action matched the traffic,
closing connection.
Gateway Action
close
Recommended Action
Research the advisory (searchable by the unique ID), if you suspect
an attack.
Revision
2
Parameters
description
signatureid
idrule
ipproto
srcip
srcport
destip
destport
internalid
Context Parameters
2.24.2. idp_notice (ID: 01300002)
Default Severity
Log Message
IDP Notice: <description>, Signature ID=<signatureid>. ID Rule:
<idrule>. Protocol: <ipproto>. Source IP: <srcip>. Source Port:
<srcport>. Destination IP: <destip>. Destination Port: <destport>.
Internal ID: <internalid>. Closing connection.
Explanation
A notice signature mapped to the "protect" action matched the
traffic, closing connection.
Gateway Action
close
Recommended Action
This is probably not an attack, but you may research the advisory
(searchable by the unique ID).
Revision
2
Parameters
description
Chapter 2: Log Message Reference
290
Summary of Contents for NetDefend DFL-260E
Page 32: ...List of Tables 1 Abbreviations 35 32...
Page 33: ...List of Examples 1 Log Message Parameters 34 2 Conditional Log Message Parameters 34 33...
Page 42: ...routemetric Route metric cost Chapter 1 Introduction 42...
Page 44: ...Chapter 1 Introduction 44...
Page 216: ...Rule Information Connection Chapter 2 Log Message Reference 216...
Page 243: ...client_ip Context Parameters Rule Name Packet Buffer Chapter 2 Log Message Reference 243...
Page 556: ...logger Chapter 2 Log Message Reference 556...
Page 613: ...Parameters location Chapter 2 Log Message Reference 613...