EZZ8649I z/OS Communications Server: IP Messages Volume 4 (EZZ, SNM) SC27-3657-01
EZZ8649I TRMD ATTACK packet would have been discarded:date time,sipaddr=sipaddr,dipaddr=dipaddr,sport=sport,dport=dport,type=type,proto=proto,option=option,fragsize=fragoff,correlator=correlator,probeid=probeid,sensorhostname=sensorhostname,restrictval=restrictval

Explanation

An attack event of the indicated type was detected while a packet was being processed. The packet was not discarded because Intrusion Detection Services (IDS) policy for the attack type specified that packets must not be discarded.

date is the date when the attack event was detected.

time is the time when the attack event was detected.

sipaddr is the source IP address in the packet.

dipaddr is the destination IP address in the packet.

sport is the source port in the packet. A value of zero indicates that the packet did not contain a source port value or that the source port was not known at the point that the attack was detected.

dport is the destination port in the packet. A value of zero indicates that the packet did not contain a destination port value or that the destination port was not known at the point that the attack was detected.

type is the attack event type. It will have one of the following values:

proto is the IP protocol type.

option is the IP option that was detected in the packet and was restricted by the IDS policy. option is only applicable when the type is IPOPT. For other attack types, the value is 0.

fragoff is the offset, from the beginning of the original datagram, to where the data in this fragment differs from the data received in previous fragments. fragoff is only applicable when type is IPFragment and probeid is either 04030002 or 04030011. Otherwise, the value is 0.

correlator is the IDS trace correlator for the attack event.

probeid is the unique identifier of the probe detection point. See the z/OS Communications Server: IP and SNA Codes for a description of the Intrusion Detection Services probe IDs.

sensorhostname is the fully qualified host name of the IDS sensor.

restrictval is the value that was detected in the packet and was restricted by the IDS policy. restrictval is only applicable when type is OutboundRaw, IPOPT, IPPROTO, OutboundRaw6, IPv6NextHeader, IPv6HopOptions, or IPv6DestOptions. For other attack types, the value is 0.

System action

Processing continues.

Operator response

None.

System programmer response

None.

Module

EZATRMD

Example

Procedure name

WriteLogEntries
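For log pipelines that ingest this message, the following added example (not IBM code and not part of the original page) parses an EZZ8649I record and applies the applicability rules from the explanation, so that a 0 in sport, dport, option, fragoff or restrictval is not mistaken for a real value. The function name, the sample records, the timestamp layout, the addresses, the proto values, the host name and the 00000000 probe ID are assumptions constructed for illustration.

```python
import re

# Applicability rules below come from the message explanation.
RESTRICTVAL_TYPES = {"OutboundRaw", "IPOPT", "IPPROTO", "OutboundRaw6",
                     "IPv6NextHeader", "IPv6HopOptions", "IPv6DestOptions"}
FRAGOFF_PROBES = {"04030002", "04030011"}
PREFIX = re.compile(r"EZZ8649I TRMD ATTACK packet would have been discarded:\s*")

# Constructed sample records: the timestamp layout, addresses, proto values,
# host name and the 00000000 probe ID are placeholders, not IBM output.
SAMPLE_LINES = [
    "EZZ8649I TRMD ATTACK packet would have been discarded:01/15/2014 "
    "10:22:31.07,sipaddr=192.0.2.10,dipaddr=198.51.100.7,sport=0,dport=0,"
    "type=IPFragment,proto=UDP,option=0,fragsize=1480,correlator=12,"
    "probeid=04030002,sensorhostname=host.example.com,restrictval=0",
    "EZZ8649I TRMD ATTACK packet would have been discarded:01/15/2014 "
    "10:22:35.40,sipaddr=192.0.2.10,dipaddr=198.51.100.7,sport=0,dport=0,"
    "type=IPPROTO,proto=GRE,option=0,fragsize=0,correlator=13,"
    "probeid=00000000,sensorhostname=host.example.com,restrictval=47",
]

def parse_ezz8649i(line):
    """Parse one EZZ8649I record into a dict; return None for other lines."""
    m = PREFIX.search(line)
    if not m:
        return None
    stamp, _, rest = line[m.end():].strip().partition(",")
    rec = {"timestamp": stamp, "discarded": False}  # "date time" kept verbatim
    for item in rest.split(","):
        key, sep, value = item.strip().partition("=")
        if sep:
            rec[key] = value
    # The message text carries the fragment offset under the key "fragsize".
    rec["fragoff"] = rec.pop("fragsize", "0")
    # Port 0 means absent or not yet known, so do not report it as a port.
    for port in ("sport", "dport"):
        raw = rec.get(port, "0")
        rec[port] = int(raw) if raw.isdigit() and int(raw) else None
    # Null out fields that are documented as not applicable for this type.
    kind = rec.get("type")
    if kind != "IPOPT":
        rec["option"] = None
    if not (kind == "IPFragment" and rec.get("probeid") in FRAGOFF_PROBES):
        rec["fragoff"] = None
    if kind not in RESTRICTVAL_TYPES:
        rec["restrictval"] = None
    return rec

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(parse_ezz8649i(sample))
```

Because EZZ8649I records packets that policy allowed through, the parsed records are candidates for review when deciding whether to change the IDS policy for that attack type.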
Copyright IBM Corporation 1990, 2014