ZyXEL Communications P-660HNT1 User Manual page 215

Table 77 TCP Reset Logs
LOG MESSAGE
Under SYN flood attack,
sent TCP RST
Exceed TCP MAX
incomplete, sent TCP RST
Peer TCP state out of
order, sent TCP RST
Firewall session time
out, sent TCP RST
Exceed MAX incomplete,
sent TCP RST
Access block, sent TCP
RST
Table 78 Packet Filter Logs
LOG MESSAGE
[ TCP | UDP | ICMP | IGMP |
Generic ] packet filter
matched (set: %d, rule: %d)
P-660HN-TxA User's Guide
DESCRIPTION
The router sent a TCP reset packet when a host was
under a SYN flood attack (the TCP incomplete count is per
destination host.)
The router sent a TCP reset packet when the number of
TCP incomplete connections exceeded the user configured
threshold. (the TCP incomplete count is per destination
host.) Note: Refer to TCP Maximum Incomplete in the
Firewall Attack Alerts screen.
The router sent a TCP reset packet when a TCP
connection state was out of order.Note: The firewall refers
to RFC793 Figure 6 to check the TCP state.
The router sent a TCP reset packet when a dynamic
firewall session timed out.Default timeout values:ICMP
idle timeout (s): 60UDP idle timeout (s): 60TCP
connection (three way handshaking) timeout (s): 30TCP
FIN-wait timeout (s): 60TCP idle (established) timeout
(s): 3600
The router sent a TCP reset packet when the number of
incomplete connections (TCP and UDP) exceeded the
user-configured threshold. (Incomplete count is for all
TCP and UDP connections through the firewall.)Note:
When the number of incomplete connections (TCP + UDP)
> "Maximum Incomplete High", the router sends TCP RST
packets for TCP connections and destroys TOS (firewall
dynamic sessions) until incomplete connections <
"Maximum Incomplete Low".
The router sends a TCP RST packet and generates this log
if you turn on the firewall TCP reset mechanism (via CI
command: "sys firewall tcprst").
DESCRIPTION
Attempted access matched a configured filter rule
(denoted by its set and rule number) and was blocked
or forwarded according to the rule.
Chapter 20 Logs
215