Example: E-mail notification

In this example, IDS detected an intrusion on the local system and sent an e-mail notification to the systems administrator.

The following is an example of an e-mail notification received for a restricted IP options attack:

To: Sysadmin
Subject:  A possible intrusion, suspicious inbound activity, was detected on sys1234.

The following information was gathered about the event:

Time of Event: date time
Intrusion Type: ATTACK
Attack Type: RESTOPT
Local IP Address: 224.0.0.1
Local Port: 0    
Remote IP Address: 9.5.211.4
Remote Port: 0    
Protocol: 2    
Throttling Active: *NO    
Discarded Packet Count: 0    
Condition ID: 11    
Stack: P    
Event Correlator: 0001    
Detection Point ID: 1001    
Suspected Packet:
X'<long hexadecimal string>'

Recovery  . . . : For more information on actions you can take to block
and impede future suspicious inbound activity, see the Intrusion detection
topic in the Security category in the IBM i Information Center.
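
The following is an added example, not part of the original page and not IBM code: a Python parser that turns a notification body like the one above into a structured event for a log pipeline. The snake_case field names, the *YES throttling value, and the derived protocol_name and local_is_multicast fields are assumptions of this example.

```python
import ipaddress
import re
# Constructed sample modeled on the notification above (placeholder time and packet).
SAMPLE = """\
Time of Event: date time
Intrusion Type: ATTACK
Attack Type: RESTOPT
Local IP Address: 224.0.0.1
Local Port: 0
Remote IP Address: 9.5.211.4
Remote Port: 0
Protocol: 2
Throttling Active: *NO
Discarded Packet Count: 0
Condition ID: 11
Stack: P
Event Correlator: 0001
Detection Point ID: 1001
Suspected Packet:
X'<long hexadecimal string>'
"""

INT_FIELDS = {"local_port", "remote_port", "protocol", "discarded_packet_count"}
PROTO_NAMES = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP"}  # IANA protocol numbers
FIELD_RE = re.compile(r"^([A-Za-z][A-Za-z ]*):[ \t]*(.*?)\s*$")

def parse_notification(body):
    """Return the 'Label: value' fields of a notification body as a dict."""
    event, pending = {}, None
    for line in body.splitlines():
        m = FIELD_RE.match(line)
        if m is None:
            if pending and line.strip():  # value on the line after its label
                event[pending], pending = line.strip(), None
            continue
        key = m.group(1).strip().lower().replace(" ", "_")
        value = m.group(2)
        pending = None if value else key  # e.g. "Suspected Packet:" has no inline value
        if value:  # identifiers such as "0001" stay strings to keep leading zeros
            event[key] = int(value) if key in INT_FIELDS and value.isdigit() else value
    # Assumption: "*YES" is the affirmative counterpart of the "*NO" shown on the page.
    event["throttling_active"] = event.get("throttling_active") == "*YES"
    event["protocol_name"] = PROTO_NAMES.get(event.get("protocol"), "other")
    try:  # a mistyped or missing address yields None instead of an exception
        addr = ipaddress.ip_address(event.get("local_ip_address", ""))
        event["local_is_multicast"] = addr.is_multicast
    except ValueError:
        event["local_is_multicast"] = None
    return event
```

For the sample, the parser reports protocol 2 as IGMP and the local address 224.0.0.1 as multicast, which is useful context when triaging a RESTOPT event.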