ZyXEL Communications Vantage Report User Manual page 648

Appendix C ZyNOS Log Descriptions
Table 296 Access Control Logs (continued)
LOG MESSAGE
Router sent blocked web site
message: TCP
Exceed maximum sessions per host
(%d).
Firewall allowed a packet that
matched a NAT session: [ TCP |
UDP ]
Firewall matches a dynamic ACL
rule of an ALG session
Maximum number of dynamic ACL
rules exceeded.
Dynamic ACL rule, listening port
: %d, peer port : %d already
exists.
Table 297 TCP Reset Logs
LOG MESSAGE
Under SYN flood attack,
sent TCP RST
Exceed TCP MAX
incomplete, sent TCP RST
Peer TCP state out of
order, sent TCP RST
Firewall session time
out, sent TCP RST
648
DESCRIPTION
The router sent a message to notify a user that
the router blocked access to a web site that the
user requested.
The device blocked a session because the host's
connections exceeded the maximum sessions per
host.
A packet from the WAN (TCP or UDP) matched a
cone NAT session and the device forwarded it to
the LAN.
The firewall allowed access for a packet that
matched a dynamic ACL rule of an ALG session.
DESCRIPTION
The router sent a TCP reset packet when a host was under
a SYN flood attack (the TCP incomplete count is per
destination host.)
The router sent a TCP reset packet when the number of
TCP incomplete connections exceeded the user configured
threshold. (the TCP incomplete count is per destination
host.) Note: Refer to TCP Maximum Incomplete in the
Firewall Attack Alerts screen.
The router sent a TCP reset packet when a TCP connection
state was out of order.Note: The firewall refers to RFC793
Figure 6 to check the TCP state.
The router sent a TCP reset packet when a dynamic
firewall session timed out.
The default timeout values are as follows:
ICMP idle timeout: 3 minutes
UDP idle timeout: 3 minutes
TCP connection (three way handshaking) timeout: 270
seconds
TCP FIN-wait timeout: 2 MSL (Maximum Segment Lifetime
set in the TCP header).
TCP idle (established) timeout (s): 150 minutes
TCP reset timeout: 10 seconds
Vantage Report User's Guide