No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Log Reference

AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R007

This document supports all the logs of device, including the parameters, meaning, possible causes and solution.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
IPS/4/CNC

IPS/4/CNC

Message

IPS/4/CNC(l): A malware domain was detected. (SyslogId=[syslog-id], VSys=[vsys-name], Policy=[policy-name], SrcIp=[source-ip-address], DstIp=[destination-ip-address], SrcPort=[source-port], DstPort=[destination-port], SrcZone=[source-zone], DstZone=[destination-zone], User=[user-name], Protocol=[protocol], Application=[application-name],Profile=[profile-name],DomainName=[domain-name], EventNum=[event-number], Action=[action])

Description

The device determined that the received packet was destined for a malicious domain name using the domain name-filtering function.

Parameters

Parameter Name Parameter Meaning
[syslog-id]

Log ID

[vsys-name]

Name of the virtual system

[policy-name]

Name of the security policy

[source-ip]

Source IP address of packets

[destination-ip]

Destination IP address of packets

[source-port]

Source port of packets (the field is 0 for ICMP packets)

[destination-port]

Destination port of packets (the field is 0 for ICMP packets)

[source-zone]

Source security zone of packets

[destination-zone]

Destination security zone of packets

[user-name]

User name

[protocol]

Protocol of the packets matching the signature

[application-name]

Application of the packets matching the signature

[profile-name]

Profile name

[domain-name]

Malicious domain name

[event-number]

Match count

[action]

Action for the signature

  • Alert
  • Block

Possible Causes

The domain name in the DNS packet matched a malicious domain name in the signature database. The IPS processed the packet based on the configured action and generated a log message.

Procedure

  1. This log message indicates a normal situation, and no action is required.
Translation
Download
Updated: 2019-05-29

Document ID: EDOC1000097209

Views: 70956

Downloads: 181

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next