Table of Contents
Advertisement
SonicWALL Log Messages
•
TCP, UDP, or ICMP packets dropped
When IP packets are blocked by the SonicWALL, dropped TCP, UDP and ICMP
messages is displayed. The messages include the source and destination IP
addresses of the packet. The TCP or UDP port number or the ICMP code follows
the IP address. Log messages usually include the name of the service in quotation
marks.
•
Web, FTP, Gopher, or Newsgroup blocked
When a machine attempts to connect to the blocked site or newsgroup, a log event
is displayed. The machine's IP address, Ethernet address, the name of the blocked
Web site, and the Content Filter List Code is displayed. Code definitions for the
12 Content Filter List categories are shown below.
a=Violence/profanity
b=Partial Nudity
c=Full Nudity
d=Sexual Acts
e=gross depictions
f=intolerance
•
ActiveX, Java, Cookie or Code Archive blocked
When ActiveX, Java or Web cookies are blocked, messages with the source and
destination IP addresses of the connection attempt is displayed.
•
Ping of Death, IP Spoof, and SYN Flood Attacks
The IP address of the machine under attack and the source of the attack is
displayed. In most attacks, the source address shown is fake and does not reflect
the real source of the attack.
Note: Some network conditions can produce network traffic that appears to be an
attack, even when no one is deliberately attacking the LAN. To follow up on a possible
attack, contact your ISP to determine the source of the attack. Regardless of the
nature of the attack, your LAN is protected and no further steps must be taken.
g=Satanic/cult
h=Drug Culture
i=Militant/extremist
j=sex education
k=Gambling/illegal
l=alcohol/tobacco
SonicWALL Internet Security Appliance Guide Page 51
Advertisement
Table of Contents
