Extrusion events
An extrusion is an attack, traffic regulation, or scan event that originates from the local host system against a remote system. For example, a trusted insider might use a company machine as the origin of a denial-of-service attack. An extrusion is also called an outbound intrusion.
IDS detects the following types of outbound attacks:
- Outbound attacks show up as XATTAC in the intrusion monitor record. For more information on specific outbound attacks, see Attack events.
- Outbound raw packets that use a nonstandard protocol. Standard protocols include TCP, UDP, ICMP, ICMPv6, IGMP, and OSPF.
- IPv6 routing headers.
- Outbound scans to nonlistening or closed ports. These attacks show up as XSCAN in the intrusion monitor record.
- Outbound traffic regulation events for UDP. These attacks show up as XTRUDP in the intrusion monitor record.
- Outbound traffic regulation events for TCP. These attacks show up as XTRTCP in the intrusion monitor record.