Extrusion events
An extrusion is an attack, traffic regulation, or scan event that originates from the local host system against a remote system. For example, a trusted insider might use a company machine as the origin of a denial-of-service attack. An extrusion is also called an outbound intrusion.
IDS detects the following types of outbound attacks:
- Outbound attacks, such as fraggle, flood, UDP echo requests, or smurf attacks. These attacks might show up as broadcast or multicast attempts to the subnet to which a host is connected. These attacks show up as XATTAC in the intrusion monitor record.
- Outbound raw packets that use a nonstandard protocol. Standard protocols include TCP, UDP, ICMP, ICMPv6, IGMP, and OSPF.
- IPv6 routing headers.
- Outbound scans to nonlistening or closed ports. These attacks show up as XSCAN in the intrusion monitor record.
- Outbound traffic regulation events for UDP. These attacks show up as XTRUDP in the intrusion monitor record.
- Outbound traffic regulation events for TCP. These attacks show up as XTRTCP in the intrusion monitor record.