Detected ICMP Flooding attack – Received many ICMP packets from one particular IP within a short time.
Detected TCP Flooding attack – Received many TCP SYN packets (connection requests) from one particular IP within a short time.
Identical IP addresses detected in network – Received two ARP replies for one particular IP with different MAC addresses (a MAC address is a standardized network address assigned to a network interface for communication on the physical network) within a short period of time.
TCP packet not belonging to any open connection – TCP packet does not belong to any existing flow.
Detected covert channel exploit in ICMP packet – Unexpected data found in ICMP echo messages. User might have an application that implements PING or might be running Linux as a virtual computer. Allowing communication for bridged connections can help to avoid false positives from virtual computers.
Detected unexpected data in protocol – Improperly formatted ARP, DNS or ICMP echo packets, or a zero port in TCP/UDP.
Address temporarily blocked by active defense (IDS) – IP address was previously blocked by Active defense. Blocking unsafe addresses after detection should be enabled.
Packet blocked by active defense (IDS) – Packet was blocked by IDS without a specific reason. You should not see this log.
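
The flooding and identical-IP entries above all describe "many packets, or conflicting replies, from one IP within a short time". The following added example (not the product's own code) shows that logic as a sliding-window detector over constructed packet records. The thresholds, window lengths and event field names are assumptions, since the page does not state them.

```python
from collections import defaultdict, deque

# Assumed values for illustration; the page gives no thresholds or window sizes.
WINDOW_MS = 1000        # "short time" for flood counting
FLOOD_THRESHOLD = 5     # packets from one source inside the window
ARP_WINDOW_MS = 2000    # "short period" for conflicting ARP replies

def detect(events):
    """Return (ts_ms, log message, ip) alerts for events sorted by 'ts'."""
    recent = defaultdict(deque)  # (kind, source IP) -> timestamps in window
    alerted = set()              # sources already reported for this burst
    last_arp = {}                # IP -> (MAC, ts) of the latest ARP reply
    alerts = []
    for ev in events:
        ts, kind = ev["ts"], ev["kind"]
        if kind in ("icmp", "tcp_syn"):
            key = (kind, ev["src"])
            q = recent[key]
            q.append(ts)
            while ts - q[0] > WINDOW_MS:   # drop packets older than the window
                q.popleft()
            if len(q) < FLOOD_THRESHOLD:
                alerted.discard(key)       # burst over, re-arm
            elif key not in alerted:
                alerted.add(key)
                proto = "ICMP" if kind == "icmp" else "TCP"
                alerts.append((ts, f"Detected {proto} Flooding attack", ev["src"]))
        elif kind == "arp_reply":
            prev = last_arp.get(ev["ip"])
            if prev and prev[0] != ev["mac"] and ts - prev[1] <= ARP_WINDOW_MS:
                alerts.append((ts, "Identical IP addresses detected in network", ev["ip"]))
            last_arp[ev["ip"]] = (ev["mac"], ts)
    return alerts

def sample_events():
    """Constructed traffic (documentation IP ranges, locally administered MACs)."""
    ev = [{"ts": i * 100, "kind": "tcp_syn", "src": "198.51.100.7"} for i in range(6)]
    ev += [{"ts": t, "kind": "tcp_syn", "src": "192.0.2.10"} for t in (200, 3000)]
    ev += [{"ts": t, "kind": "icmp", "src": "192.0.2.20"} for t in (1000, 2000, 3000)]
    ev += [{"ts": 4000, "kind": "arp_reply", "ip": "192.0.2.1", "mac": "02:00:00:00:00:0a"},
           {"ts": 4500, "kind": "arp_reply", "ip": "192.0.2.1", "mac": "02:00:00:00:00:0b"},
           {"ts": 4000, "kind": "arp_reply", "ip": "192.0.2.2", "mac": "02:00:00:00:00:0c"},
           {"ts": 9000, "kind": "arp_reply", "ip": "192.0.2.2", "mac": "02:00:00:00:00:0d"}]
    return sorted(ev, key=lambda e: e["ts"])

if __name__ == "__main__":
    for alert in detect(sample_events()):
        print(alert)
```

Only the six-SYN burst and the two conflicting ARP replies 500 ms apart raise alerts; the slow pings and the MAC change after 5 seconds stay below the assumed limits.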