User`s manual

Attack log message format

Attack logs record attacks made on the DFL-500. Each attack log message records the date and time at

which the attack was made, a description of the attack, and the IP address of the computer from which the

attack originated.

When running in Transparent mode, the DFL-500 does not create an Attack log.

Attack log messages are created when the DFL-500 detects one of the attacks listed on the IDS > Attack

Prevention page.

A sample attack log message contains the following information:

Jan 23 11:11:28 2002 Attack port scan between Wed Jan 23 11:06:55 2002 and Wed

Jan 23 11:06:28 2002 from 23.24.26.78 to 216.21.152.65 tcp port 2765 to 27702

Attack log message format

describes the attack log message format.

Attack log message format

Description Format Example

Maximum

Length

Date and time the log

message was recorded

MMM DD hh:mm:ss Jan 23 11:11:28

15 bytes

Message describing

type of attack

message Attack port scan

Start and end times of

attack

between DDD MMM DD hh:mm:ss

YYYY and DDD MMM DD

hh:mm:ss YYYY

between Wed Jan 23 11:06:55

2002 and Wed Jan 23 11:06:28

2002

Source address of the

attack.

from ipaddress from 23.24.26.78

Destination address of

the attack

to ipaddress to 216.21.152.65

Protocol used for the

attack.

tcp , udp , or icmp

tcp

5 bytes

Port range of the attack

port to port 2765 to 27702

DFL-500 User’s Manual