Netgear FWG114Pv2 FWG114Pv2 Reference Manual - Page 227

Reference Manual for the ProSafe Wireless 802.11g Firewall/Print Server Model FWG114P v2 The format is: < SRC_IP>< DST_IP> [Fri, 2003-12-05 21:22:07] - TCP Packet - Source:172.31.12.156,54611 ,WAN Destination:172.31.12.157,134 ,LAN [Drop] - [FIN Scan] [Fri, 2003-12-05 21:22:38] - TCP Packet - Source:172.31.12.156,59937 ,WAN Destination:172.31.12.157,670 ,LAN [Drop] - [Nmap Xmas Scan] [Fri, 2003-12-05 21:23:06] - TCP Packet - Source:172.31.12.156,39860 ,WAN Destination:172.31.12.157,18000 ,LAN [Drop] - [Null Scan] [Fri, 2003-12-05 21:27:55] - TCP Packet - Source:172.31.12.156,38009 ,WAN Destination:172.31.12.157,15220 ,LAN [Drop] - [Full Sapu Scan] [Fri, 2003-12-05 21:28:56] - TCP Packet - Source:172.31.12.156,35128 ,WAN Destination:172.31.12.157,38728 ,LAN [Drop] - [Full Xmas Scan] [Fri, 2003-12-05 21:30:30] - IP Packet - Source:227.113.223.77,WAN Destination:172.31.12.157,LAN [Drop] - [Fragment Attack] [Fri, 2003-12-05 21:30:30] - IP Packet - Source:20.97.173.18,WAN Destination:172.31.12.157,LAN [Drop] - [Targa3 Attack] [Fri, 2003-12-05 21:30:30] - TCP Packet - Source:3.130.176.84,37860 ,WAN Destination:172.31.12.157,63881 ,LAN [Drop] - [Vecna Scan] [Fri, 2003-12-05 21:30:31] - ICMP Packet [Type 238] - Source:100.110.182.63,WAN - Destination:172.31.12.157,LAN [Drop] - [ICMP Flood] [Fri, 2003-12-05 21:33:52] - UDP Packet - Source:127.0.0.1,0 ,WAN Destination:172.31.12.157,0 ,LAN [Drop] - [Fragment Attack] [Fri, 2003-12-05 19:20:00] - TCP Session - Source:54.148.179.175,58595 ,LAN Destination:192.168.0.1,20[FTP Data] ,WAN [Reset] - [SYN Flood] [Fri, 2003-12-05 19:21:22] - UDP Packet - Source:172.31.12.156,7 ,LAN Destination:172.31.12.157,7 ,WAN [Drop] - [UDP Flood] [Fri, 2003-12-05 20:59:08] - ICMP Echo Request packet - Source:192.168.0.5,LAN Destination:172.31.12.99,WAN [Drop] - [ICMP Flood] [Fri, 2003-12-05 18:07:29] - TCP Packet - Source:192.168.0.10,1725 ,LAN Destination:61.177.58.50,1352 ,WAN [Drop] - [TCP incomplete sessions overflow] [Fri, 2003-12-05 21:11:24] - TCP Packet - Source:192.168.0.10,2342 ,LAN Destination:61.177.58.50,1352 ,WAN [Drop] - [First TCP Packet not SYN] Notes: DESCRIPTION = "SYN Flood", "UDP Flood", "ICMP Flood", "IP Spoofing", "TearDrop", "Brute Force", "Ping of Death", "Fragment Attack", "Targa3 Attack", "Big Bomb" "SYN with Data", "Full Xmas Scan", "Full Head Scan", "Full Sapu Scan", "FIN Scan", "SYN FIN Scan", "Null Scan", "Nmap Xmas Scan", "Vecna Scan", "Tcp SYN RES Set", "Other Scan" "TCP incomplete sessions overflow", "TCP preconnect traffic", "TCP invalid traffic", "First TCP Packet not SYN", "First TCP Packet with no SYN" < SRC_IP >< DST_IP> [Wed, 2003-07-30 17:45:17] - TCP Packet [Malformed, Length=896] - Source: 64.3.3.201 - Destination: 10.10.10.4 - [Drop] [Wed, 2003-07-30 17:45:17] - TCP Packet [Malformed, Length=1000] - Source: 64.3.3.201- Destination: 10.10.10.4 - [Forward] Notes: PKT_TYPE = "TCP", "UDP", "ICMP", "Proto: Number" Firewall Log Formats D-5 201-10301-02, May 2005