These log messages refer to the ETHERNET category.
2.11.1. [ID: 357] Broadcast Ethernet source
- Log Categories
- ETHERNET,STATELESS,VALIDATE
- Log Message
- Broadcast Ethernet source.
- Default Log Severity
- Warning
- Parameters
- srchw, pkt
- Explanation
- An Ethernet packet with the sender address set to the broadcast address was received.
- Gateway Action
- Allow
- Action Description
- None
- Proposed Action
- Legal uses for network packets with a broadcast Ethernet sender are rare. Consider adjusting the EthernetSettings:BroadcastEnetSender setting to drop these kind of packets.
2.11.2. [ID: 613] Broadcast Ethernet source
- Log Categories
- ETHERNET,STATELESS,VALIDATE
- Log Message
- Broadcast Ethernet source.
- Default Log Severity
- Warning
- Parameters
- srchw, pkt
- Explanation
- An Ethernet packet with the sender address set to the broadcast address was received.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- Legal uses for network packets with a broadcast Ethernet sender are rare. The EthernetSettings:BroadcastEnetSender setting can be changed to allow these kind of packets.
2.11.3. [ID: 615] Multicast Ethernet source
- Log Categories
- ETHERNET,STATELESS,VALIDATE
- Log Message
- Multicast Ethernet source.
- Default Log Severity
- Warning
- Parameters
- srchw, pkt
- Explanation
- An Ethernet packet with the sender address set to a multicast address was received.
- Gateway Action
- Allow
- Action Description
- None
- Proposed Action
- Legal uses for network packets with a multicast Ethernet sender are rare. Consider adjusting the EthernetSettings:MulticastEnetSender setting to drop these kind of packets.
2.11.4. [ID: 428] Multicast Ethernet source
- Log Categories
- ETHERNET,STATELESS,VALIDATE
- Log Message
- Multicast Ethernet source.
- Default Log Severity
- Warning
- Parameters
- srchw, pkt
- Explanation
- An Ethernet packet with the sender address set to a multicast address was received.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- Legal uses for network packets with a multicast Ethernet sender are rare. The EthernetSettings:MulticastEnetSender setting can be changed to allow these kind of packets.
2.11.5. [ID: 132] Not for me
- Log Categories
- ETHERNET,STATELESS,VALIDATE
- Log Message
- Not for me.
- Default Log Severity
- Debug
- Parameters
- srchw, desthw, recviface, pkt
- Explanation
- A unicast Ethernet packet has been received by interface recviface, but was dropped because the Ethernet destination of the packet was not that of this interface.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- This message can be turned off using the setting MiscSettings:NotLocalEnetDest.
2.11.6. [ID: 327] Null Ethernet source
- Log Categories
- ETHERNET,STATELESS,VALIDATE
- Log Message
- Null Ethernet source.
- Default Log Severity
- Warning
- Parameters
- pkt
- Explanation
- An Ethernet packet with a sender address consisting of all zeroes was dropped.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- Change the EthernetSettings:NullEnetSender advanced setting to modify the logging Ethernet packets with a zero sender address.
2.11.7. [ID: 537] Unicast MAC with broadcast IP
- Log Categories
- ETHERNET,IPV4,STATELESS,VALIDATE
- Log Message
- Unicast MAC with broadcast IP.
- Default Log Severity
- Warning
- Parameters
- destip, desthw, pkt
- Explanation
- The Ethernet destination is unicast, but the IP destination is broadcast.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- The IPSettings:MulticastIPEnetOnMismatch setting can be changed to control the gateway's behavior for multicast/broadcast IP packets on an Ethernet network, where
the Ethernet and the IP destination do not match.
2.11.8. [ID: 490] Unicast MAC with broadcast IP
- Log Categories
- ETHERNET,IPV4,STATELESS,VALIDATE
- Log Message
- Unicast MAC with broadcast IP.
- Default Log Severity
- Warning
- Parameters
- destip, desthw, pkt
- Explanation
- The Ethernet destination is unicast, but the IP destination is broadcast.
- Gateway Action
- None
- Action Description
- None
- Proposed Action
- The IPSettings:MulticastIPEnetOnMismatch setting can be changed to control the gateway's behavior for multicast/broadcast IP packets on an Ethernet network, where
the Ethernet and the IP destination do not match. The recommended action is to drop these packets.
2.11.9. [ID: 229] Unicast MAC with multicast IP
- Log Categories
- ETHERNET,IPV4,STATELESS,VALIDATE
- Log Message
- Unicast MAC with multicast IP.
- Default Log Severity
- Warning
- Parameters
- destip, desthw, pkt
- Explanation
- The Ethernet destination is unicast, but the IP destination is multicast. This is a known exploit against some multicast protocol.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- The IPSettings:MulticastIPEnetOnMismatch setting can be changed to control the gateway's behavior for multicast/broadcast IP packets on an Ethernet network, where
the Ethernet and the IP destination do not match.
2.11.10. [ID: 104] Unicast MAC with multicast IP
- Log Categories
- ETHERNET,IPV4,STATELESS,VALIDATE
- Log Message
- Unicast MAC with multicast IP.
- Default Log Severity
- Warning
- Parameters
- destip, desthw, pkt
- Explanation
- The Ethernet destination is unicast, but the IP destination is multicast. This is a known exploit against some multicast protocol.
- Gateway Action
- None
- Action Description
- None
- Proposed Action
- The IPSettings:MulticastIPEnetOnMismatch setting can be changed to control the gateway's behavior for multicast/broadcast IP packets on an Ethernet network, where
the Ethernet and the IP destination do not match. The recommended action is to drop these packets.
2.11.11. [ID: 548] Non matching IP and MAC multicast
- Log Categories
- ETHERNET,IPV4,STATELESS,VALIDATE
- Log Message
- Non matching IP and MAC multicast.
- Default Log Severity
- Warning
- Parameters
- destip, desthw, pkt
- Explanation
- The Ethernet multicast destination does not match that of the IP multicast destination.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- The IPSettings:MulticastIPEnetOnMismatch setting can be changed to control the gateway's behavior for multicast/broadcast IP packets on an Ethernet network, where
the Ethernet and the IP destination do not match.
2.11.12. [ID: 340] Non matching IP and MAC multicast
- Log Categories
- ETHERNET,IPV4,STATELESS,VALIDATE
- Log Message
- Non matching IP and MAC multicast.
- Default Log Severity
- Warning
- Parameters
- destip, desthw, pkt
- Explanation
- The Ethernet multicast destination does not match that of the IP multicast destination.
- Gateway Action
- None
- Action Description
- None
- Proposed Action
- The IPSettings:MulticastIPEnetOnMismatch setting can be changed to control the gateway's behavior for multicast/broadcast IP packets on an Ethernet network, where
the Ethernet and the IP destination do not match. The recommended action is to drop these packets.
2.11.13. [ID: 627] Multicast MAC with unicast IP
- Log Categories
- ETHERNET,IPV4,STATELESS,VALIDATE
- Log Message
- Multicast MAC with unicast IP.
- Default Log Severity
- Warning
- Parameters
- destip, desthw, pkt
- Explanation
- The Ethernet destination is multicast, but the IP destination is not multicast.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- The IPSettings:MulticastIPEnetOnMismatch setting can be changed to control the gateway's behavior for multicast/broadcast IP packets on an Ethernet network, where
the Ethernet and the IP destination do not match.
2.11.14. [ID: 423] Multicast MAC with unicast IP
- Log Categories
- ETHERNET,IPV4,STATELESS,VALIDATE
- Log Message
- Multicast MAC with unicast IP.
- Default Log Severity
- Warning
- Parameters
- destip, desthw, pkt
- Explanation
- The Ethernet destination is multicast, but the IP destination is not multicast.
- Gateway Action
- None
- Action Description
- None
- Proposed Action
- The IPSettings:MulticastIPEnetOnMismatch setting can be changed to control the gateway's behavior for multicast/broadcast IP packets on an Ethernet network, where
the Ethernet and the IP destination do not match. The recommended action is to drop these packets.
2.11.15. [ID: 1665] IPv6 broadcast packet
- Log Categories
- ETHERNET,IPV6,STATELESS,VALIDATE
- Log Message
- IPv6 broadcast packet.
- Default Log Severity
- Warning
- Parameters
- srchw, desthw, recviface, pkt
- Explanation
- A multicast IPv6 packet, using a broadcast (or possibly some other type of non-conformal multicast) Ethernet destination,
was received. This is not supported by the IPv6 standard, and most appliances will ignore such traffic.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- Investigate why these packets appear; identify, isolate and optionally update the source of the packets. As this type of messages
are illegal to use in IPv6 networks, yet are universally supported by all Ethernet II capable devices, there is still a possibility
that some network appliances will act in unexpected ways on the traffic. This in turn makes it a possible attack vector against
IPv6 multicast services such as, but not limited to, ND (neighbour discovery) and MLD. This log message can be disabled by
the IPSettings:LogNonIP4 setting.
2.11.16. [ID: 219] Unicast MAC with multicast IP
- Log Categories
- ETHERNET,IPV6,STATELESS,VALIDATE
- Log Message
- Unicast MAC with multicast IP.
- Default Log Severity
- Warning
- Parameters
- destip, desthw, pkt
- Explanation
- The Ethernet destination is unicast, but the IP destination is multicast. This is a known exploit against some multicast protocol.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- The IPSettings:MulticastIPEnetOnMismatch setting can be changed to control the gateway's behavior for multicast/broadcast IP packets on an Ethernet network, where
the Ethernet and the IP destination do not match.
- Proposed Action
- The IPSettings:MulticastIPEnetOnMismatch setting can be changed to control the gateway's behavior for multicast/broadcast IP packets on an Ethernet network, where
the Ethernet and the IP destination do not match.
2.11.17. [ID: 362] Unicast MAC with multicast IP
- Log Categories
- ETHERNET,IPV6,STATELESS,VALIDATE
- Log Message
- Unicast MAC with multicast IP.
- Default Log Severity
- Warning
- Parameters
- destip, desthw, pkt
- Explanation
- The Ethernet destination is unicast, but the IP destination is multicast. This is a known exploit against some multicast protocol.
- Gateway Action
- None
- Action Description
- None
- Proposed Action
- The IPSettings:MulticastIPEnetOnMismatch setting can be changed to control the gateway's behavior for multicast/broadcast IP packets on an Ethernet network, where
the Ethernet and the IP destination do not match. The recommended action is to drop these packets.
- Proposed Action
- The IPSettings:MulticastIPEnetOnMismatch setting can be changed to control the gateway's behavior for multicast/broadcast IP packets on an Ethernet network, where
the Ethernet and the IP destination do not match. The recommended action is to drop these packets.
2.11.18. [ID: 192] Non matching IP and MAC multicast
- Log Categories
- ETHERNET,IPV6,STATELESS,VALIDATE
- Log Message
- Non matching IP and MAC multicast.
- Default Log Severity
- Notice
- Parameters
- destip, desthw, pkt
- Explanation
- The Ethernet multicast destination does not match that of the IP multicast destination.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- The IPSettings:MulticastIPEnetOnMismatch setting can be changed to control the gateway's behavior for multicast/broadcast IP packets on an Ethernet network, where
the Ethernet and the IP destination do not match.
2.11.19. [ID: 438] Non matching IP and MAC multicast
- Log Categories
- ETHERNET,IPV6,STATELESS,VALIDATE
- Log Message
- Non matching IP and MAC multicast.
- Default Log Severity
- Notice
- Parameters
- destip, desthw, pkt
- Explanation
- The Ethernet multicast destination does not match that of the IP multicast destination.
- Gateway Action
- None
- Action Description
- None
- Proposed Action
- The IPSettings:MulticastIPEnetOnMismatch setting can be changed to control the gateway's behavior for multicast/broadcast IP packets on an Ethernet network, where
the Ethernet and the IP destination do not match. The recommended action is to drop these packets.
2.11.20. [ID: 595] Multicast MAC with unicast IP
- Log Categories
- ETHERNET,IPV6,STATELESS,VALIDATE
- Log Message
- Multicast MAC with unicast IP.
- Default Log Severity
- Warning
- Parameters
- destip, desthw, pkt
- Explanation
- The Ethernet destination is multicast, but the IP destination is not multicast.
- Gateway Action
- Drop
- Action Description
- None
- Proposed Action
- The IPSettings:MulticastIPEnetOnMismatch setting can be changed to control the gateway's behavior for multicast/broadcast IP packets on an Ethernet network, where
the Ethernet and the IP destination do not match.
2.11.21. [ID: 397] Multicast MAC with unicast IP
- Log Categories
- ETHERNET,IPV6,STATELESS,VALIDATE
- Log Message
- Multicast MAC with unicast IP.
- Default Log Severity
- Warning
- Parameters
- destip, desthw, pkt
- Explanation
- The Ethernet destination is multicast, but the IP destination is not multicast.
- Gateway Action
- None
- Action Description
- None
- Proposed Action
- The IPSettings:MulticastIPEnetOnMismatch setting can be changed to control the gateway's behavior for multicast/broadcast IP packets on an Ethernet network, where
the Ethernet and the IP destination do not match. The recommended action is to drop these packets.
cOS Stream 4.00.03 Log Reference Guide
