1
|
Passed packet logged
|
passed(1)
|
Packet passed. The packet was passed by a rule that specified the packet should also be logged.
|
256
|
Denied or no pass rule found
|
noRuleOrDenyRule(256)
|
Packet dropped because it did not match any rule. Can also indicate that the packet's source address was invalid for the network interface.
|
257
|
No connection
|
noState(257)
|
Packet dropped due to missing state information. The packet was part of an existing, possibly legal session, but no session information could be found. This could be due to the Screen timing out the connection, the Screen being rebooted and losing session state, or a protocol violation where the initial packets were not sent.
|
258
|
Out of memory
|
noMemory(258)
|
Packet dropped due to the lack of Screen memory. The Screen could not create the session state due to a lack of real memory. The Screen will accept new sessions when current sessions are closed.
|
259
|
Too many connections
|
tooManySessions(259)
|
Packet dropped because the maximum number of sessions is already open. The Screen will accept a new session when a current session of this type is closed.
|
260
|
Invalid port
|
invalidPort(260)
|
Packet dropped due to invalid port number specification. An example is an FTP data session not on port 20.
|
261
|
Bad format
|
invalidFormat(261)
|
Packet dropped due to invalid format. The Screen determined that the packet did not match the service specified in the rules.
|
262
|
Bad direction
|
invalidDirection(262)
|
Packet dropped due to invalid "direction." For example, a DNS request was received when a DNS response was expected.
|
263
|
Too many responses
|
tooManyResponses(263)
|
Packet dropped due to too many responses. The applicable rule specified a simple UDP exchange, but the Screen received multiple responses.
|
264
|
Too short
|
tooShort(264)
|
Packet dropped because it was too short for the service specified.
|
265
|
Bad protocol
|
invalidProtocol(265)
|
Packet dropped because of an invalid protocol identifier. For example, an RPC packet was not of protocol UDP or TCP.
|
266
|
No port map
|
noPortmapEntry(266)
|
RPC packet dropped due to lack of port mapping entry. An RPC packet was received on an invalid port. This can occur when the Screen times out RPC portmap entries faster than the end nodes.
|
267
|
Bad port map
|
invalidPortMapEntry(267)
|
RPC packet dropped due to invalid port mapping entry. The portmapper specified that a different RPC program resides on the port.
|
268
|
NIS protocol error
|
nisProtocolError(268)
|
NIS+ packet dropped due to protocol error (not implemented).
|
269
|
Bad interface
|
invalidInterface(269)
|
Indicates a "bad policy." This error message is typically caused by an invalid identity. The packet was dropped because its encryption characteristics did not match those specified in an otherwise matching rule. That is, the source address, destination address, and service of the packet matched at least one rule, but the encryption setting conflicted with what was received. Possible encryption characteristic differences include the following:
- The packet was received encrypted, but the rule specified that it must be unencrypted.
- The packet was received unencrypted, but the rule specified that it must be encrypted.
- One of the encryption parameters of the packet did not match a parameter specified for the rule. For example, a mismatching key algorithm was used or the wrong certificate was specified.
The encryption settings for the sender and the Screen should be compared to verify that they are identical and that the correct keys are being used.
|
270
|
Bad policy
|
invalidPolicy(270)
|
Indicates that a SKIP packet matched an existing encryption rule but had one or more parameters set incorrectly.
|
272
|
Bad source address
|
invalidSourceAddres(272)
|
Indicates a packet was dropped because it was received on an interface where it was not expected; that is, the packet was dropped owing to spoof-detection checks. If the source of the rejected packet is supposed to be allowed on the interface, it should be added to the address group assigned to the interface.
|
274
|
Fragment too big
|
fragmentTooBig(274)
|
Indicates a possible network attack.
|
275
|
Fragment overlap
|
fragmentOverlap(275)
|
Indicates that a packet was fragmented while it was in transit and that the fragments contain redundant data. May indicate a network attack.
|