No relevant resource is found in the selected language.
MENU
Support Documentation
AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R007 Log Reference

This document supports all the logs of device, including the parameters, meaning, possible causes and solution.

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
IPS/4/CNC

IPS/4/CNC

Message

IPS/4/CNC(l): A malware domain was detected. (SyslogId=[syslog-id], VSys=[vsys-name], Policy=[policy-name], SrcIp=[source-ip-address], DstIp=[destination-ip-address], SrcPort=[source-port], DstPort=[destination-port], SrcZone=[source-zone], DstZone=[destination-zone], User=[user-name], Protocol=[protocol], Application=[application-name],Profile=[profile-name],DomainName=[domain-name], EventNum=[event-number], Action=[action])

Description

The device determined that the received packet was destined for a malicious domain name using the domain name-filtering function.

Parameters

Parameter Name Parameter Meaning
[syslog-id]

Log ID
[vsys-name]

Name of the virtual system
[policy-name]

Name of the security policy
[source-ip]

Source IP address of packets
[destination-ip]

Destination IP address of packets
[source-port]

Source port of packets (the field is 0 for ICMP packets)
[destination-port]

Destination port of packets (the field is 0 for ICMP packets)
[source-zone]

Source security zone of packets
[destination-zone]

Destination security zone of packets
[user-name]

User name
[protocol]

Protocol of the packets matching the signature
[application-name]

Application of the packets matching the signature
[profile-name]

Profile name
[domain-name]

Malicious domain name
[event-number]

Match count
[action]

Action for the signature

  • Alert
  • Block

Possible Causes

The domain name in the DNS packet matched a malicious domain name in the signature database. The IPS processed the packet based on the configured action and generated a log message.

Procedure

  1. This log message indicates a normal situation, and no action is required.
Translation
简体中文
Download
Updated: 2020-12-16

Document ID: EDOC1000097209

Views: 271904

Downloads: 226

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Share
Previous Next
Enterprise APP

Copyright © 2021 Huawei Technologies Co., Ltd. All rights reserved.

You are going to visit :