IPS/4/CNC

Enterprise

Worldwide

Huawei Global - English

- South Africa - English
- Morocco - English
- Brazil - Português
- Mexico - Español
- United Arab Emirates - English
- Saudi Arabia - English
- Australia - English
- China - 简体中文
- Hong Kong, China - English
- India - English
- Japan - 日本語
- South Korea- English
- Kazakhstan - русский
- Malaysia - English
- Singapore - English
- Indonesia - English
- Thailand - English
- Philippines - English
- Austria - Deutsch
- Czech - English
- France - Français
- Germany - Deutsch
- Greece - English
- Hungary- English
- Italy - Italiano
- Poland - English
- Sweden - English
- Russia - русский
- Spain - Español
- Turkey - Türkçe
- United Kingdom - English
- Ukraine - English

Menu
Products and Services
Industries
Technical Support
Partners
Community

Most people search for
Switches Routers Servers Storage Data Center Energy Cloud Computing

AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R007 Log Reference

This document supports all the logs of device, including the parameters, meaning, possible causes and solution.

Rate and give feedback:

Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).

IPS/4/CNC

Message

IPS/4/CNC(l): A malware domain was detected. (SyslogId=[syslog-id], VSys=[vsys-name], Policy=[policy-name], SrcIp=[source-ip-address], DstIp=[destination-ip-address], SrcPort=[source-port], DstPort=[destination-port], SrcZone=[source-zone], DstZone=[destination-zone], User=[user-name], Protocol=[protocol], Application=[application-name],Profile=[profile-name],DomainName=[domain-name], EventNum=[event-number], Action=[action])

Description

The device determined that the received packet was destined for a malicious domain name using the domain name-filtering function.

Parameters

Parameter Name	Parameter Meaning
[syslog-id]	Log ID
[vsys-name]	Name of the virtual system
[policy-name]	Name of the security policy
[source-ip]	Source IP address of packets
[destination-ip]	Destination IP address of packets
[source-port]	Source port of packets (the field is 0 for ICMP packets)
[destination-port]	Destination port of packets (the field is 0 for ICMP packets)
[source-zone]	Source security zone of packets
[destination-zone]	Destination security zone of packets
[user-name]	User name
[protocol]	Protocol of the packets matching the signature
[application-name]	Application of the packets matching the signature
[profile-name]	Profile name
[domain-name]	Malicious domain name
[event-number]	Match count
[action]	Action for the signature Alert Block

Possible Causes

The domain name in the DNS packet matched a malicious domain name in the signature database. The IPS processed the packet based on the configured action and generated a log message.

Procedure

This log message indicates a normal situation, and no action is required.

Translation

简体中文

Download

Updated: 2022-05-17

Document ID: EDOC1000097209

Downloads: 247

Average rating:

This Document Applies to these Products