2.41. IP_PROTO

Home Prev	cOS Core 15.00.01 Log Reference Guide	Next

2.41.1. multicast_ethernet_ip_address_mismatch (ID: 07000011)

Default Severity: WARNING
Log Message: Received packet with a destination IP address <ip_multicast_addr> that does not match the Ethernet multicast address <eth_multicast_addr>
Explanation: A packet was received with an IP multicast Ethernet address as destination address. The IP address in the IP header does however not match it. Dropping packet.
Firewall Action: drop
Recommended Action: None
Revision: 1
Parameters: ip_multicast_addr
eth_multicast_addr
Context Parameters: Rule Name
Packet Buffer

2.41.2. invalid_ip4_header_length (ID: 07000012)

Default Severity: WARNING
Log Message: Invalid IP4 Header length - total length is <totlen> bytes. Dropping
Explanation: The packet contains an invalid IP4 Header Length. The total length is more than 64 Kb, which is not allowed. Dropping packet.
Firewall Action: drop
Recommended Action: None
Revision: 1
Parameters: totlen
Context Parameters: Rule Name
Packet Buffer

2.41.3. ttl_zero (ID: 07000013)

Default Severity: WARNING
Log Message: Received packet with zero TTL. Dropping
Explanation: A packet was received with a TTL (Time-To-Live) field set to zero, which is not allowed. Dropping packet.
Firewall Action: drop
Recommended Action: None
Revision: 1
Context Parameters: Rule Name
Packet Buffer

2.41.4. ttl_low (ID: 07000014)

Default Severity: WARNING
Log Message: Received packet with too low TTL of <ttl>. Min TTL is <ttlmin>. Dropping
Explanation: The received packet has a TTL (Time-To-Live) field which is too low. Dropping packet.
Firewall Action: drop
Recommended Action: None
Revision: 1
Parameters: ttl
ttlmin
Context Parameters: Rule Name
Packet Buffer

2.41.5. ip_rsv_flag_set (ID: 07000015)

Default Severity: WARNING
Log Message: The IP Reserved Flag was set. Dropping
Explanation: The received packet has the IP Reserved Flag set. Dropping packet.
Firewall Action: drop
Recommended Action: None
Revision: 1
Context Parameters: Rule Name
Packet Buffer

2.41.6. oversize_tcp (ID: 07000018)

Default Severity: WARNING
Log Message: Configured size limit for the TCP protocol exceeded. Dropping
Explanation: The configured size limit for the TCP protocol was exceeded. Dropping packet.
Firewall Action: drop
Recommended Action: This can be changed under the Advanced Settings section.
Revision: 1
Parameters: proto
Context Parameters: Rule Name
Packet Buffer

2.41.7. invalid_tcp_header (ID: 07000019)

Default Severity: WARNING
Log Message: Invalid TCP header - IPDataLen=<ipdatalen>, TCPHdrLen=<tcphdrlen>. Dropping
Explanation: The TCP packet contains an invalid header. Dropping packet.
Firewall Action: drop
Recommended Action: None
Revision: 1
Parameters: ipdatalen
tcphdrlen
Context Parameters: Rule Name
Packet Buffer

2.41.8. oversize_udp (ID: 07000021)

Default Severity: WARNING
Log Message: Configured size limit for the UDP protocol exceeded. Dropping
Explanation: The configured size limit for the UDP protocol was exceeded. Dropping packet.
Firewall Action: drop
Recommended Action: This can be changed under the Advanced Settings section.
Revision: 1
Parameters: proto
Context Parameters: Rule Name
Packet Buffer

2.41.9. invalid_udp_header (ID: 07000022)

Default Severity: WARNING
Log Message: Invalid UDP header - IPDataLen=<ipdatalen>, UDPTotLen=<udptotlen>. Dropping
Explanation: The UDP packet contains an invalid header. Dropping packet.
Firewall Action: drop
Recommended Action: None
Revision: 1
Parameters: ipdatalen
udptotlen
Context Parameters: Rule Name
Packet Buffer

2.41.10. oversize_icmp (ID: 07000023)

Default Severity: WARNING
Log Message: Configured size limit for the ICMP protocol exceeded. Dropping
Explanation: The configured size limit for the ICMP protocol was exceeded. Dropping packet.
Firewall Action: drop
Recommended Action: This can be changed under the Advanced Settings section.
Revision: 1
Parameters: proto
Context Parameters: Rule Name
Packet Buffer

2.41.11. invalid_icmp_header (ID: 07000024)

Default Severity: WARNING
Log Message: Invalid ICMP header - IPDataLen=<ipdatalen>, ICMPMinLen=<icmpminlen>. Dropping
Explanation: The ICMP packet contains an invalid header. Dropping packet.
Firewall Action: drop
Recommended Action: None
Revision: 1
Parameters: ipdatalen
icmpminlen
Context Parameters: Rule Name
Packet Buffer

2.41.12. multicast_ethernet_ip_address_mismatch (ID: 07000033)

Default Severity: WARNING
Log Message: Received packet with a destination IP address <ip_multicast_addr> that does not match the Ethernet multicast address <eth_multicast_addr>
Explanation: A packet was received with an IP multicast Ethernet address as destination address, but the IP address in the IP header does however not match it. This is a known exploit, though the gateway is currently configured to forward these packets.
Firewall Action: ignore
Recommended Action: None
Revision: 1
Parameters: ip_multicast_addr
eth_multicast_addr
Context Parameters: Rule Name
Packet Buffer

2.41.13. oversize_gre (ID: 07000050)

Default Severity: WARNING
Log Message: Configured size limit for the GRE protocol exceeded. Dropping
Explanation: The configured size limit for the GRE protocol was exceeded. Dropping packet.
Firewall Action: drop
Recommended Action: This can be changed under the Advanced Settings section.
Revision: 1
Parameters: proto
Context Parameters: Rule Name
Packet Buffer

2.41.14. oversize_esp (ID: 07000051)

Default Severity: WARNING
Log Message: Configured size limit for the ESP protocol exceeded. Dropping
Explanation: The configured size limit for the ESP protocol was exceeded. Dropping packet.
Firewall Action: drop
Recommended Action: This can be changed under the Advanced Settings section.
Revision: 1
Parameters: proto
Context Parameters: Rule Name
Packet Buffer

2.41.15. oversize_ah (ID: 07000052)

Default Severity: WARNING
Log Message: Configured size limit for the AH protocol exceeded. Dropping
Explanation: The configured size limit for the AH protocol was exceeded. Dropping packet.
Firewall Action: drop
Recommended Action: This can be changed under the Advanced Settings section.
Revision: 1
Parameters: proto
Context Parameters: Rule Name
Packet Buffer

2.41.16. oversize_skip (ID: 07000053)

Default Severity: WARNING
Log Message: Configured size limit for the SKIP protocol exceeded. Dropping
Explanation: The configured size limit for the SKIP protocol was exceeded. Dropping packet.
Firewall Action: drop
Recommended Action: This can be changed under the Advanced Settings section.
Revision: 1
Parameters: proto
Context Parameters: Rule Name
Packet Buffer

2.41.17. oversize_ospf (ID: 07000054)

Default Severity: WARNING
Log Message: Configured size limit for the OSPF protocol exceeded. Dropping
Explanation: The configured size limit for the OSPF protocol was exceeded. Dropping packet.
Firewall Action: drop
Recommended Action: This can be changed under the Advanced Settings section.
Revision: 1
Parameters: proto
Context Parameters: Rule Name
Packet Buffer

2.41.18. oversize_ipip (ID: 07000055)

Default Severity: WARNING
Log Message: Configured size limit for the IPIP protocol exceeded. Dropping
Explanation: The configured size limit for the IPIP protocol was exceeded. Dropping packet.
Firewall Action: drop
Recommended Action: This can be changed under the Advanced Settings section.
Revision: 1
Parameters: proto
Context Parameters: Rule Name
Packet Buffer

2.41.19. oversize_ipcomp (ID: 07000056)

Default Severity: WARNING
Log Message: Configured size limit for the IPComp protocol exceeded. Dropping
Explanation: The configured size limit for the IPComp protocol was exceeded. Dropping packet.
Firewall Action: drop
Recommended Action: This can be changed under the Advanced Settings section.
Revision: 1
Parameters: proto
Context Parameters: Rule Name
Packet Buffer

2.41.20. oversize_l2tp (ID: 07000057)

Default Severity: WARNING
Log Message: Configured size limit for the L2TP protocol exceeded. Dropping
Explanation: The configured size limit for the L2TP protocol was exceeded. Dropping packet.
Firewall Action: drop
Recommended Action: This can be changed under the Advanced Settings section.
Revision: 1
Parameters: proto
Context Parameters: Rule Name
Packet Buffer

2.41.21. oversize_ip (ID: 07000058)

Default Severity: WARNING
Log Message: Configured size limit for IP protocol exceeded. Dropping
Explanation: The configured size limit for the IP protocol was exceeded. Dropping packet.
Firewall Action: drop
Recommended Action: This can be changed under the Advanced Settings section.
Revision: 1
Parameters: proto
Context Parameters: Rule Name
Packet Buffer

2.41.22. hop_limit_zero (ID: 07000059)

Default Severity: WARNING
Log Message: Forward IPv6 packet with zero HopLimit. Dropping
Explanation: Try to forward a IPv6 packet with the HopLimit field set to zero, which is not allowed. Dropping packet.
Firewall Action: drop
Recommended Action: None
Revision: 3
Context Parameters: Rule Name
Packet Buffer

2.41.23. hop_limit_low (ID: 07000060)

Default Severity: WARNING
Log Message: Received packet with too low HopLimit of <hoplimit>. Min HopLimit is <hoplimitmin>. Dropping
Explanation: The received packet has a HopLimit field which is too low. Dropping packet.
Firewall Action: drop
Recommended Action: None
Revision: 1
Parameters: hoplimit
hoplimitmin
Context Parameters: Rule Name
Packet Buffer

2.41.24. fragmented_icmp (ID: 07000070)

Default Severity: WARNING
Log Message: This ICMP type is not allowed to be fragmented. Dropping
Explanation: The ICMP type is not allowed to be framented. Only "Echo" and "EchoReply" are allowed to be fragmented. Dropping packet.
Firewall Action: drop
Recommended Action: None
Revision: 1
Context Parameters: Rule Name
Packet Buffer

2.41.25. invalid_icmp_data_too_small (ID: 07000071)

Default Severity: WARNING
Log Message: Invalid ICMP data length. ICMPDataLen=<icmpdatalen> ICMPIPHdrMinLen=<icmpiphdrminlen>. Dropping
Explanation: The ICMP data is not large enough to contain an IPv4 Header. Dropping packet.
Firewall Action: drop
Recommended Action: None
Revision: 1
Parameters: icmpdatalen
icmpiphdrminlen
Context Parameters: Rule Name
Packet Buffer

2.41.26. invalid_icmp_data_ip_ver (ID: 07000072)

Default Severity: WARNING
Log Message: Invalid ICMP data. ICMPDataLen=<icmpdatalen> ICMPIPVer=<icmpipver>. Dropping
Explanation: An invalid IP version is specified in the ICMP data. Version 4 expected. Dropping packet.
Firewall Action: drop
Recommended Action: None
Revision: 1
Parameters: icmpdatalen
icmpipver
Context Parameters: Rule Name
Packet Buffer

2.41.27. invalid_icmp_data_too_small (ID: 07000073)

Default Severity: WARNING
Log Message: Invalid ICMP data length. ICMPDataLen=<icmpdatalen> ICMPIPHdrLen=<icmphdrlen>. Dropping
Explanation: The ICMP data length is invalid. It must be large enough for the actual header and the header must specify that it is atleast 20 bytes long. Dropping packet.
Firewall Action: drop
Recommended Action: None
Revision: 1
Parameters: icmpdatalen
icmphdrlen
Context Parameters: Rule Name
Packet Buffer

2.41.28. invalid_icmp_data_invalid_ip_length (ID: 07000074)

Default Severity: WARNING
Log Message: Invalid ICMP data length. ICMPDataLen=<icmpdatalen> ICMPIPDataLen=<icmpipdatalen> ICMPIPDataMinLen=<icmpipdataminlen>. Dropping
Explanation: The ICMP data length is invalid. The contained IP data must be atleast 8 bytes long. Dropping packet.
Firewall Action: drop
Recommended Action: None
Revision: 1
Parameters: icmpdatalen
icmpipdatalen
icmpipdataminlen
Context Parameters: Rule Name
Packet Buffer

2.41.29. invalid_icmp_data_invalid_paramprob (ID: 07000075)

Default Severity: WARNING
Log Message: Invalid ICMP ProbPtr. ICMPDataLen=<icmpdatalen> ICMPIPDataLen=<icmpipdatalen> ParamProbPtr=<paramprobptr>. Dropping
Explanation: Invalid ICMP Parameter Problem pointer. Parameter Problem pointer is not within the allowed range. Dropping packet.
Firewall Action: drop
Recommended Action: None
Revision: 1
Parameters: icmpdatalen
icmpipdatalen
paramprobptr
Context Parameters: Rule Name
Packet Buffer

2.41.30. illegal_sender_address (ID: 07000076)

Default Severity: WARNING
Log Message: Source address does not identify a single node uniquely. Dropping
Explanation: The source address is ending in zeroes. Dropping packet.
Firewall Action: drop
Recommended Action: Verify that no faulty network equipment exists.
Revision: 1
Context Parameters: Rule Name
Packet Buffer

2.41.31. dest_beyond_scope (ID: 07000080)

Default Severity: WARNING
Log Message: Destination is beyond the scope of the source address. Dropping
Explanation: Link-local source address and a global-scope destination address. Dropping packet.
Firewall Action: drop
Recommended Action: Verify that no faulty network equipment exists.
Revision: 1
Context Parameters: Rule Name
Packet Buffer

2.41.32. ttl_zero (ID: 07000111)

Default Severity: WARNING
Log Message: Forward IPv4 packet with zero TTL. Dropping
Explanation: Try to forward a IPv4 packet with the TTL field set to zero, which is not allowed. Dropping packet.
Firewall Action: drop
Recommended Action: None
Revision: 3
Context Parameters: Rule Name
Packet Buffer