Intrusion detection services probeids

Intrusion Detection Services defines a code called a probeid to identify the reason and code location associated with output information. The probeids appear in IDS console messages, IDS syslogd messages, packets traced in the SYSTCPIS portion of the stack dataspace and CTRACE records in the SYSTCPIP portion of the stack dataspace.

IDS probeids are four bytes in length. The first byte indicates the IDS type:
  • X'01' TCP Traffic Regulation event
  • X'02' UDP Traffic Regulation event
  • X'03' Scan detection event
  • X'04' Attack detection event
The second byte is based on the IDS type. For the Traffic Regulation probeids, the second byte is always zero.
  • For Scan detection probeids, a nonzero value in the second byte indicates the suspicion level assigned to a packet being tracked. The following list shows the possible values:
    • X'01' for very suspicious packet.
    • X'02' for possibly suspicious packet.
    • X'03' for normal packet.
    • X'00' is used to report a scan detected event or other unusual situation that might affect scan processing. These conditions are not written to the IDS trace but are written to the syslogd or the console if requested by the policy.
  • For Attack detection, the second byte of the probeid identifies the attack type.
    • X'01' MALFORMED_PACKET
    • X'02' OUTBOUND_RAW
    • X'03' IP_FRAGMENT
    • X'04' ICMP_REDIRECT
    • X'05' RESTRICTED_IP_OPTIONS
    • X'06' RESTRICTED_IP_PROTOCOL
    • X'07' FLOOD
    • X'08' PERPETUAL_ECHO
    • X'09' DATA_HIDING
    • X'0A' TCP_QUEUE_SIZE
    • X'0B' GLOBAL_TCP_STALL
    • X'0C' OUTBOUND_RAW_IPV6
    • X'0D' RESTRICTED_IPV6_NEXT_HDR
    • X'0E' RESTRICTED_IPV6_DST_OPTIONS
    • X'0F' RESTRICTED_IPV6_HOP_OPTIONS
    • X'10' EE_LDLC_CHECK
    • X'11' EE_MALFORMED_PACKET
    • X'12' EE_PORT_CHECK
    • X'13' EE_XID_FLOOD
    • X'00' is used to report an attack detected event or other unusual situation that might affect attack processing.
Table 1. Intrusion detection services probeids
probeid description
X'01000001' TCP TR, enter constrained for receive queue.
X'01000002' TCP TR, exit constrained for receive queue.
X'01000003' TCP TR, enter constrained for send queue.
X'01000004' TCP TR, exit constrained for send queue.
X'01002200' TCP TR, enter or leave constrained during close processing.
X'01002400' TCP TR, enter or leave constrained during close processing.
X'01004014' TCP TR, source host allowed to exceed the percentage of available connections allowed for a single source because of QoS policy.
X'01004042' TCP TR, source host exceeded both the percentage of available connections allowed for a single source and QoS policy.
X'01004044' TCP TR, source host exceeded the percentage of available connections allowed for a single source.
X'01004048' TCP TR, destination port exceeded the total number of connections limit.
X'01004084' TCP TR, internal error processing source host hash table.
X'01004088' TCP TR, internal error processing destination port hash table.
X'01004200' TCP TR, enter or leave constrained during connection handshake complete processing.
X'01004400' TCP TR, enter or leave constrained during connection handshake complete processing.
X'01004800' TCP TR, enter or leave constrained during connection handshake complete processing.
X'01008400' TCP TR, enter or leave constrained during listen processing.
X'01008800' TCP TR, enter or leave constrained during listen processing.
X'0100C800' TCP TR, enter or leave constrained during policy change processing.
X'0100FFF0' TCP TR, log records suppressed.
X'0100FFF1' TCP TR, Event recording capacity exceeded and TCP TR log records lost.
X'0100FFF2' TCP TR, Event recording capacity exceeded and TCP TR statistics records lost.
X'02000001' UDP TR port entered constrained state.
X'02000002' UDP TR port exited constrained state.
X'02000003' UDP TR port exited constrained state at policy end.
X'02000004' UDP TR port IDS Packet traced during constrained state.
X'0200FFF1' UDP TR, Event recording capacity exceeded and UDP TR log records lost.
X'0200FFF2' UDP TR, Event recording capacity exceeded and UDP TR statistics records lost.
X'0300FFF1' Scan, Fast scan detected.
X'0300FFF2' Scan, Slow scan detected.
X'0300FFF3' Scan, Scan processing encountered a storage constraint.
X'0300FFF4' Scan, Scan storage constraint exited.
X'0300FFF5' Scan, Scan internal interval overrun.
X'0300FFF6' Scan, Scan detail.
X'0300FFF7' Scan, Event recording capacity exceeded and Scan log records lost.
X'0300FFF8' Scan, Event recording capacity exceeded and Scan Detail log records lost.
X'03010001' Scan, Very Suspicious, request issued to a Reserved port.
X'03010011' Scan, Very Suspicious, ICMP request to broadcast or multicast address.
X'03010021' Scan, Very Suspicious, half open connection timed out.
X'03010025' Scan, Very suspicious, unexpected TCP flags or flag combinations (such as syn and fin both set).
X'03010028' Scan, Very suspicious, no peer connection and unexpected TCP flags set.
X'03010030' Scan, Very suspicious, ICMPv6 Echo request to multicast address.
X'03020002' Scan, Possibly suspicious, request to an Unbound port.
X'03020004' Scan, Possibly suspicious, rejected by IP Security.
X'03020005' Scan, Possibly suspicious, no peer connection and rejected by IP Security.
X'03020006' Scan, Possibly suspicious, unexpected state.
X'03020012' Scan, Possibly suspicious, ICMP Info request.
X'03020013' Scan, Possibly suspicious, ICMP Subnet mask request.
X'03020014' Scan, Possibly suspicious, ICMP request with Record Route option.
X'03020015' Scan, Possibly suspicious, ICMP request with Record Timestamp option.
X'03020020' Scan, Possibly suspicious, reset to half open TCP connection.
X'03020024' Scan, Possibly suspicious, TCP connection timed out.
X'03020026' Scan, Possibly suspicious, TCP syn dropped.
X'03020027' Scan, Possibly suspicious, no TCP connection.
X'03020031' Scan, Possibly suspicious, ICMPv6 Echo request with Routing header.
X'03030000' Scan, Normal packet. For example, normal TCP connection completed or ICMP echo request to a single host without special options.
X'03030003' Scan, Rejected by QOS policy.
X'03030007' Scan, Normal packet. UDP normal packet.
X'03030022' Scan, Out of sequence window.
X'03030023' Scan, Stand alone syn but connection already established.
X'03030026' Scan, TCP syn dropped.
X'0400FFF1' Attack, Event recording capacity exceeded and Attack log records lost.
X'0400FFF2' Attack, Event recording capacity exceeded and Attack statistics records lost.
X'04010001' Attack, type=MALFORMED_PACKET, IPv4 header error, version is not IPv4 or header length field error.
X'04010002' Attack, type=MALFORMED_PACKET, IPv4 header error, header length field or total length field error.
X'04010003' Attack, type=MALFORMED_PACKET, IPv4 header error, total length field error.
X'04010004' Attack, type=MALFORMED_PACKET, IPv4 header error, fragment offset field error.
X'04010005' Attack, type=MALFORMED_PACKET, IPv4 header error, source IP address/destination IP address error.
X'04010006' Attack, type=MALFORMED_PACKET, IPv4 header error, source IP address/destination IP address error.
X'04010007' Attack, type=MALFORMED_PACKET, IPv4 header error, header length field or total length field error.
X'04010008' Attack, type=MALFORMED_PACKET, IP header/TCP header error, source and destination IP addresses and source and destination ports error.
X'04010009' Attack, type=MALFORMED_PACKET, IPv4 header error, header length field error.
X'0401000A' Attack, type=MALFORMED_PACKET, IPv4 header error, destination address error, protocol is TCP and destination IP address is a multicast address.
X'0401000B' Attack, type=MALFORMED_PACKET, IPv4 packet length error, packet does not include the entire TCP header.
X'0401000C' Attack, type=MALFORMED_PACKET, IPv4 packet length error, packet does not include the entire UDP header.
X'0401000D' Attack, type=MALFORMED_PACKET, IPv4 ICMP header error, option type not valid.
X'0401000E' Attack, type=MALFORMED_PACKET, IPv4 header error, source IP address error, address is the unspecified address.
X'0401000F' Attack, type=MALFORMED_PACKET, IPv4 header error, source IP address error, address is the loopback address, but the packet was not received on the loopback interface.
X'04010010' Attack, type=MALFORMED_PACKET, IPv4 header error, destination IP address error, address is the loopback address, but the packet was not received on the loopback interface.
X'04010011' Attack, type=MALFORMED_PACKET, IPv4 header error, length is too short for non-final fragment.
X'0401001E' Attack, type=MALFORMED_PACKET, IPv6 header error, source or destination IP address error, address is the loopback address, but the packet was received over an external interface.
X'0401001F' Attack, type=MALFORMED_PACKET, IPv6 packet length error, packet does not include the entire TCP header.
X'04010020' Attack, type=MALFORMED_PACKET, IPv6 packet length error, packet does not include the entire UDP header.
X'04010021' Attack, type=MALFORMED_PACKET, IPv6 header error, destination IP address error, address is the loopback address, but the packet was not received on the loopback interface.
X'04010023' Attack, type=MALFORMED_PACKET, IPv6 header error, source IP address/destination IP address error.
X'04010024' Attack, type=MALFORMED_PACKET, IPv6 header error, total length field error.
X'04010025' Attack, type=MALFORMED_PACKET, IPv6 header error, version is not IPv6.
X'04010026' Attack, type=MALFORMED_PACKET, IPv6 header error, source or destination IP address error, address is an IPv4-mapped IPv6 address.
X'04010027' Attack, type=MALFORMED_PACKET, IPv6 header error, source IP address error, address is the loopback address, but the packet was not received on the loopback interface.
X'04010028' Attack, type=MALFORMED_PACKET, IPv6 header error, destination IP address error, protocol is TCP and destination IP address is a multicast address.
X'04010029' Attack, type=MALFORMED_PACKET, IPv6 header error, source IP address error, address is the unspecified address.
X'0401002A' Attack, type=MALFORMED_PACKET, IPv6 header error, destination IP address error, IP address is a link-local address, but the packet was not received over the interface to which the link-local address is assigned.
X'04010032' Attack, type=MALFORMED_PACKET, IPv6 extension header parsing error, inner IPv6 header not valid when previous header is an IPv6 header.
X'04010033' Attack, type=MALFORMED_PACKET, IPv6 ICMP option error, bad length specified for an option in the packet.
X'04010034' Attack, type=MALFORMED_PACKET, IPv6 extension header parsing error, fragment header is duplicated or in a location that is not valid.
X'04010035' Attack, type=MALFORMED_PACKET, IPv6 fragment header error, fragment header included and payload length is zero.
X'04010036' Attack, type=MALFORMED_PACKET, IPv6 fragment header error, fragment is not last and payload length is not multiple of 8.
X'04010037' Attack, type=MALFORMED_PACKET, IPv6 extension header parsing error, hop-by-hop options header is in a location that is not valid.
X'04010038' Attack, type=MALFORMED_PACKET, IPv6 extension header parsing error, multiple ICMPv6 error headers encountered.
X'04010039' Attack, type=MALFORMED_PACKET, IPv6 ICMP option error, source link-layer address option in a Neighbor Discovery packet specifies the unspecified address.
X'0401003A' Attack, type=MALFORMED_PACKET, IPv6 extension header parsing error, an inner IPv6 header was found in a packet that is using transport mode IP Security.
X'0401003B' Attack, type=MALFORMED_PACKET, IPv6 ICMP option error, Neighbor Solicitation message with a source IP address that is not the unspecified address and a destination IP address that is a multicast address, source link-layer address option is missing.
X'0401003C' Attack, type=MALFORMED_PACKET, IPv6 extension header parsing error, an inner IPv6 header was not found in a packet that is using tunnel mode IP Security.
X'0401003D' Attack, type=MALFORMED_PACKET, IPv6 extension header parsing error, next header value of No Next Header is in a location that is not valid.
X'0401003E' Attack, type=MALFORMED_PACKET, IPv6 extension header parsing error, unexpected IPv6 header encountered.
X'0401003F' Attack, type=MALFORMED_PACKET, IPv6 extension header parsing error, bad length specified for an option in a hop-by-hop options header or a destination options header
X'04010040' Attack, type=MALFORMED_PACKET, IPv6 extension header parsing error, IPv6 length field exceeds remaining packet length.
X'04010041' Attack, type=MALFORMED_PACKET, IPv6 routing header error, routing header contains a multicast address.
X'04010042' Attack, type=MALFORMED_PACKET, IPv6 extension header parsing error, destination IP address is a multicast address and packet contains a routing header.
X'04010043' Attack, type=MALFORMED_PACKET, IPv6 routing header error, length value is not valid.
X'04010044' Attack, type=MALFORMED_PACKET, IPv6 routing header error, segments left value is not valid.
X'04010045' Attack, type=MALFORMED_PACKET, error in proprietary packet tagging header for multilevel security, header sub-type not valid.
X'04010046' Attack, type=MALFORMED_PACKET, error in proprietary packet tagging header for multilevel security, duplicate header encountered.
X'04010047' Attack, type=MALFORMED_PACKET, error in proprietary packet tagging header for multilevel security, security label in header did not match security label from first IP header.
X'04010048' Attack, type=MALFORMED_PACKET, error in proprietary packet tagging header for multilevel security, header length not valid.
X'04010049' Attack, type=MALFORMED_PACKET, error in proprietary packet tagging header for multilevel security, header encountered in a reassembled packet or following a routing header.
X'0401004A' Attack, type=MALFORMED_PACKET, error in proprietary packet tagging header for multilevel security, security label missing from the first IP header.
X'0401004B' Attack, type=MALFORMED_PACKET, error in proprietary packet tagging header for multilevel security, RACF® domain not valid.
X'0401004C' Attack, type=MALFORMED_PACKET, error in proprietary packet tagging header for multilevel security, tag length not valid.
X'0401004D' Attack, type=MALFORMED_PACKET, error in proprietary packet tagging header for multilevel security, tag name missing.
X'0401004E' Attack, type=MALFORMED_PACKET, error in proprietary packet tagging header for multilevel security, security label missing.
X'0401004F' Attack, type=MALFORMED_PACKET, error in proprietary packet tagging header for multilevel security, tag type not valid.
X'04010050' Attack, type=MALFORMED_PACKET, IPv6 ICMP header error, router advertisement message with source IP address that is not a link-local address, hop limit that is not 255, or ICMP code that is not 0.
X'04010051' Attack, type=MALFORMED_PACKET, IPv6 ICMP header error, neighbor solicitation message with source IP address that is the unspecified address and destination IP address that is not a solicited-node multicast address, target IP address that is a multicast address, hop limit that is not 255, or ICMP code that is not 0.
X'04010052' Attack, type=MALFORMED_PACKET, IPv6 ICMP header error, neighbor advertisement message with destination IP address that is a multicast address and indication that it was solicited, target IP address that is a multicast address, hop limit that is not 255, or ICMP code that is not 0.
X'04010053' Attack, type=MALFORMED_PACKET, IPv6 ICMP header error, redirect message with source IP address that is not a link-local address, destination IP address that is a multicast address, target IP address that is not a link-local address and is not the destination IP address, hop limit that is not 255, target IP address that is a local address, or ICMP code that is not 0.
X'04010054' Attack, type=MALFORMED_PACKET, IPv6 ICMP header error, multicast listener discovery (MLD) query message with source IP address that is not a link-local address, destination IP address that is not a multicast address, or hop limit that is not 1.
X'04010055' Attack, type=MALFORMED_PACKET, IPv6 ICMP header error, multicast listener discovery (MLD) report message with source IP address that is not a link-local address, destination IP address that is not a multicast address, or hop limit that is not 1.
X'04010056' Attack, type=MALFORMED_PACKET, IPv6 ICMP header error, multicast listener discovery (MLD) reduction message with source IP address that is not a link-local address, destination IP address that is not a multicast address, or hop limit that is not 1.
X'0401FFF0' Attack, type=MALFORMED_PACKET, Log records suppressed for malformed packet attacks.
X'04020001' Attack, type=OUTBOUND_RAW, IP protocol restricted.
X'04020002' Attack, type=OUTBOUND_RAW, application built IP header, source IP address not in home list.
X'04020003' Attack, type=OUTBOUND_RAW, application built IP header, datagram fragmented.
X'04020004' Attack, type=OUTBOUND_RAW, application built IP header, ICMP reply datagram.
X'04020005' Attack, type=OUTBOUND_RAW, application built IP header, IP protocol restricted.
X'04020006' Attack, type=OUTBOUND_RAW, ICMP reply datagram.
X'0402FFF0' Attack, type=OUTBOUND_RAW, Log records suppressed for outbound raw attacks.
X'04030001' Attack, type=IP_FRAGMENT, datagram fragmented within the first 88 bytes.
X'04030002' Attack, type=IP_FRAGMENT, IPv4 fragment overlay, previously received fragments and data in overlay area is not the same.
X'04030003' Attack, type=IP_FRAGMENT, IPv4 fragment received, fragment indicates length of original datagram is different from length indicated by previously received fragments.
X'04030004' Attack, type=IP_FRAGMENT, IPv4 fragment received, fragment indicates length of original datagram is different from length indicated by previously received fragments.
X'04030011' Attack, type=IP_FRAGMENT, IPv6 fragment overlay, previously received fragments and data in overlay area is not the same.
X'04030012' Attack, type=IP_FRAGMENT, IPv6 fragment received, fragment indicates length of original datagram is different from length indicated by previously received fragments.
X'04030013' Attack, type=IP_FRAGMENT, IPv6 fragment received, fragment indicates length of original datagram is different from length indicated by previously received fragments.
X'0403FFF0' Attack, type=IP_FRAGMENT, Log records suppressed for IP fragment attacks.
X'04040001' Attack, type=ICMP_REDIRECT, ICMP Redirect datagram.
X'0404FFF0' Attack, type=ICMP_REDIRECT, Log records suppressed for ICMP Redirect attacks.
X'04050001' Attack, type=RESTRICTED_IP_OPTIONS, datagram contains a restricted IP option.
X'0405FFF0' Attack, type=RESTRICTED_IP_OPTIONS, Log records suppressed for restricted IP option attacks.
X'04060001' Attack, type=RESTRICTED_IP_PROTOCOL, IP protocol restricted.
X'0406FFF0' Attack, type=RESTRICTED_IP_PROTOCOL, Log records suppressed for restricted IP protocol attacks.
X'04070001' Attack, type=FLOOD, Synflood end detected.
X'04070002' Attack, type=FLOOD, Syn received during Synflood.
X'04070003' Attack, type=FLOOD, Synflood end detected.
X'04070004' Attack, type=FLOOD, Synflood end detected.
X'04070005' Attack, type=FLOOD, Synflood end detected.
X'04070006' Attack, type=FLOOD, Synflood end detected.
X'04070007' Attack, type=FLOOD, Synflood end detected.
X'04070008' Attack, type=FLOOD, Accept queue expanded.
X'04070009' Attack, type=FLOOD, Synflood start detected.
X'04070010' Attack, type=FLOOD, Interface Flood start detected.
X'04070011' Attack, type=FLOOD, Interface Flood continuing. Written every five minutes while an interface flood lasts.
X'04070012' Attack, type=FLOOD, Interface flood ended due to interface stopped.
X'04070013' Attack, type=FLOOD, Interface flood ended due to FLOOD policy no longer active.
X'04070014' Attack, type=FLOOD, Interface Flood Ended. Interface flood criteria no longer exceeded.
X'04070015' Attack, type=FLOOD, Interface Flood Detection disabled for the interface due to storage constraints.
X'04070016' Attack, type=FLOOD, Interface Flood data tracking temporarily suspended due to storage constraints.
X'04070017' Attack, type=FLOOD, Synflood end detected.
X'04070101' Attack, type=FLOOD, Interface Flood. Discard due to bad media header.
X'04070102' Attack, type=FLOOD, Interface Flood. Discard due to unpacking problem.
X'04070103' Attack, type=FLOOD, Interface Flood. Discard due to storage problem.
X'04070104' Attack, type=FLOOD, Interface Flood. Discard due to bad checksum.
X'04070105' Attack, type=FLOOD, Interface Flood. Discard due to malformed packet.
X'04070106' Attack, type=FLOOD, Interface Flood. Discard due to destination.
X'04070107' Attack, type=FLOOD, Interface Flood. Discard due to IDS policy.
X'04070108' Attack, type=FLOOD, Interface Flood. Discard due to QoS policy.
X'04070109' Attack, type=FLOOD, Interface Flood. Discard due to policy other than IDS or QoS policy.
X'0407010A' Attack, type=FLOOD, Interface Flood. Discard due to netaccess, multilevel security, or OSM access checks.
X'0407010B' Attack, type=FLOOD, Interface Flood. Discard due to forwarding error.
X'0407010C' Attack, type=FLOOD, Interface Flood. Discard due to IP Security checks.
X'0407010D' Attack, type=FLOOD, Interface Flood. Discard due to state problem.
X'0407010E' Attack, type=FLOOD, Interface Flood. Discard due to problem not otherwise defined.
X'0407010F' Attack, type=FLOOD, Interface Flood. Discard due to miscellaneous connection errors.
X'04070110' Attack, type=FLOOD, Interface Flood. Discard due to queue limits exceeded.
X'04070111' Attack, type=FLOOD, Interface Flood. Discard due to AT-TLS policy.
X'0407FFF0' Attack, type=FLOOD, Log records suppressed for flood attacks.
X'04080001' Attack, type=PERPETUAL_ECHO, UDP perpetual echo detected.
X'04080002' Attack, type=PERPETUAL_ECHO, UDP perpetual echo detected.
X'04080003' Attack, type=PERPETUAL_ECHO, UDP perpetual echo detected, port unreachable.
X'0408FFF0' Attack, type=PERPETUAL_ECHO, Log records suppressed for perpetual echo attacks.
X'04090001' Attack, type=DATA_HIDING, packet contains non-zero padding in the IP options.
X'04090002' Attack, type=DATA_HIDING, packet contains non-zero padding in the IPv6 Destination Options header.
X'04090003' Attack, type=DATA_HIDING, packet contains non-zero padding in the IPv6 hop-by-hop options header.
X'04090004' Attack, type=DATA_HIDING, destination IP address in ICMP error packet does not match source IP address in embedded packet.
X'0409FFF0' Attack, type=DATA_HIDING, Log records suppressed for data hiding attacks.
X'040A0001' Attack, type=TCP_QUEUE_SIZE, TCP receive queue constrained.
X'040A0002' Attack, type=TCP_QUEUE_SIZE, TCP receive queue unconstrained.
X'040A0003' Attack, type=TCP_QUEUE_SIZE, Connection reset due to TCP receive queue constrained.
X'040A0004' Attack, type=TCP_QUEUE_SIZE, TCP send queue constrained.
X'040A0005' Attack, type=TCP_QUEUE_SIZE, TCP send queue unconstrained.
X'040A0006' Attack, type=TCP_QUEUE_SIZE, Connection reset due to TCP send queue constrained.
X'040A0007' Attack, type=TCP_QUEUE_SIZE, TCP out-of-order queue constrained.
X'040A0008' Attack, type=TCP_QUEUE_SIZE, TCP out-of-order queue unconstrained.
X'040A0009' Attack, type=TCP_QUEUE_SIZE, Connection reset due to TCP out-of-order queue constrained.
X'040AFFF0' Attack, type=TCP_QUEUE_SIZE, Log records suppressed for TCP queue size attacks.
X'040B0001' Attack, type=GLOBAL_TCP_STALL, global TCP stall attack started.
X'040B0002' Attack, type=GLOBAL_TCP_STALL, global TCP stall attack ended.
X'040B0003' Attack, type=GLOBAL_TCP_STALL, global TCP stall attack ended because IDS Global TCP Stall policy no longer in effect.
X'040B0004' Attack, type=GLOBAL_TCP_STALL, Connection reset due to global TCP stall attack.
X'040B0005' Attack, type=GLOBAL_TCP_STALL, Connection would have been reset due to global TCP stall attack.
X'040BFFF0' Attack, type=GLOBAL_TCP_STALL, Log records suppressed for Global TCP stall attacks.
X'040C0001' Attack, type=OUTBOUND_RAW_IPV6, IP protocol restricted.
X'040C0002' Attack, type=OUTBOUND_RAW_IPV6, ICMPv6 reply datagram.
X'040C0003' Attack, type=OUTBOUND_RAW_IPV6, ICMPv6 Router Advertisement, Router Solicitation, Neighbor Advertisement, or Neighbor Solicitation datagram.
X'040C0004' Attack, type=OUTBOUND_RAW_IPV6, ICMPv6 MLD Listener Query, MLD Listener Report, MLD Listener Reduction, or MLDv2 Listener Report datagram.
X'040CFFF0' Attack, type=OUTBOUND_RAW_IPV6, Log records suppressed for IPv6 outbound raw attacks.
X'040D0001' Attack, type=RESTRICTED_IPV6_NEXT_HDR, packet contains a restricted IPv6 next header value.
X'040DFFF0' Attack, type=RESTRICTED_IPV6_NEXT_HDR, Log records suppressed for restricted IPv6 next header attacks.
X'040E0001' Attack, type=RESTRICTED_IPV6_DST_OPTIONS, packet contains an IPv6 Destination Options extension header with a restricted option.
X'040EFFF0' Attack, type=RESTRICTED_IPV6_DST_OPTIONS, Log records suppressed for restricted IPv6 destination option attacks.
X'040F0001' Attack, type=RESTRICTED_IPV6_HOP_OPTIONS, packet contains an IPv6 Hop-by-Hop Options extension header with a restricted option.
X'040FFFF0' Attack, type=RESTRICTED_IPV6_HOP_OPTIONS, Log records suppressed for restricted IPv6 hop-by-hop option attacks.
X'04100001' Attack, type=EE_LDLC_CHECK, an EE packet, other than data and a test probe, received on a destination port other than the signalling port.
X'0410FFF0'' Attack, type=EE_LDLC_CHECK, Log records suppressed for attacks detected by EE LDLC checking.
X'04110001' Attack, type=EE_MALFORMED_PACKET, a malformed packet was received on an EE port.
X'0411FFF0' Attack, type=EE_MALFORMED_PACKET, Log records suppressed for attacks detected by EE malformed packet checking.
X'04120001' Attack, type=EE_PORT_CHECK, a packet was received with an incorrect source port address for EE.
X'0412FFF0' Attack, type=EE_PORT_CHECK, Log records suppressed for attacks detected by EE port checking.
X'04130001' Attack, type=EE_XID_FLOOD, A non-responsive XID was logged.
X'04130002' Attack, type=EE_XID_FLOOD, An XID flood start was detected.
X'04130003' Attack, type=EE_XID_FLOOD, An XID flood end was detected.
X'0413FFF0' Attack, type=EE_XID_FLOOD, Log records suppressed for EE XID flood attacks.