22.11 Security Log
Example
[17/Jul/2008 11:46:38] Anti-Spoofing: Packet from LAN, proto:TCP, len:48, ip/port:61.173.81.166:1864 -> 195.39.55.10:445, flags: SYN, seq:3819654104 ack:0, win:16384, tcplen:0
• packet from — packet direction (either from, i.e. sent via the interface, or to, i.e. received via the interface)
• LAN — interface name (see chapter for details)
• proto: — transport protocol (TCP, UDP, etc.)
• len: — packet size in bytes (including the headers)
• ip/port: — source IP address, source port, destination IP address and destination port
• flags: — TCP flags
• seq: — sequence number of the packet (TCP only)
• ack: — acknowledgement sequence number (TCP only)
• win: — size of the receive window in bytes (it is used for data flow control — TCP only)
• tcplen: — TCP payload size (i.e. size of the data part of the packet) in bytes (TCP only)
2. FTP protocol parser log records

Example 1
[17/Jul/2008 11:55:14] FTP: Bounce attack attempt: client: 1.2.3.4, server: 5.6.7.8, command: PORT 10,11,12,13,14,15
(attack attempt detected — a foreign IP address in the PORT command)

Example 2
[17/Jul/2008 11:56:27] FTP: Malicious server reply: client: 1.2.3.4, server: 5.6.7.8, response: 227 Entering Passive Mode (10,11,12,13,14,15)
(suspicious server reply with a foreign IP address)
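The following parser is an added example, not part of the original guide or of WinRoute itself. It reads the two FTP record types shown above, decodes the six-number address in the PORT command or 227 reply, and checks it against the connection's own endpoints. It assumes that "foreign" means an address other than the client's (for PORT) or the server's (for 227); the names parse_ftp_record and decode_host_port are hypothetical.

```python
import re

# Record layout taken from the two FTP examples on this page.
FTP_RECORD = re.compile(
    r"^\[(?P<time>[^\]]+)\]\s+FTP:\s+(?P<event>[^:]+):\s+"
    r"client:\s*(?P<client>[\d.]+),\s*server:\s*(?P<server>[\d.]+),\s*"
    r"(?P<kind>command|response):\s*(?P<text>.+)$"
)
# Six decimal octets h1,h2,h3,h4,p1,p2 as used by PORT and by the 227 reply.
HOST_PORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def decode_host_port(text):
    """Return (ip, port) encoded in a PORT command or 227 reply, or None."""
    m = HOST_PORT.search(text)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def parse_ftp_record(line):
    """Parse one FTP parser record; return None for other Security log lines."""
    m = FTP_RECORD.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # Assumption: "foreign" = announced IP differs from client (PORT) or server (227).
    expected = rec["client"] if rec["kind"] == "command" else rec["server"]
    endpoint = decode_host_port(rec["text"])
    foreign = endpoint is not None and endpoint[0] != expected
    rec.update(announced=endpoint, expected_ip=expected, foreign=foreign)
    return rec


# Constructed sample: the page's two examples joined onto single lines.
SAMPLE = [
    "[17/Jul/2008 11:55:14] FTP: Bounce attack attempt: client: 1.2.3.4, "
    "server: 5.6.7.8, command: PORT 10,11,12,13,14,15",
    "[17/Jul/2008 11:56:27] FTP: Malicious server reply: client: 1.2.3.4, "
    "server: 5.6.7.8, response: 227 Entering Passive Mode (10,11,12,13,14,15)",
]

if __name__ == "__main__":
    for line in SAMPLE:
        r = parse_ftp_record(line)
        print(r["event"], r["announced"], "foreign" if r["foreign"] else "ok")
```

In both sample records the announced endpoint decodes to 10.11.12.13, port 3599 (14 × 256 + 15), which matches neither 1.2.3.4 nor 5.6.7.8.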
3. Failed user authentication log records

Message format:
Authentication: <service>: Client: <IP address>: <reason>

• <service> — The WinRoute service to which the user attempted to authenticate (Admin = administration using Kerio Administration Console, WebAdmin = web