[Dshield] NetScreen Log Conversion FUBAR

Munpe Q funyon at gmail.com
Sun Jun 12 18:36:56 GMT 2005


Would someone kindly let me in on why the Dshield UFC doesn't
recognize the dst-port as being valid?

The background on this log is that it is simply coming off of the Self
log instead of an implicit deny policy, but the logging format is the
same.

ScreenOS:  ns5gtadv.5.2.0r1.0


2005-06-12 08:52:28	Local7.Notice	192.168.200.1	HorkJunk: NetScreen
device_id=HorkJunk  [No Name]system-notification-00257(traffic):
start_time="2005-06-12 08:51:47" duration=0 policy_id=320001
service=udp/port:1026 proto=17 src zone=Null dst zone=self action=Deny
sent=0 rcvd=502 src=61.53.154.81 dst=1.1.1.1 src_port=34853
dst_port=1026 session_id=0<000>

Rejected: Destination Port is invalid. 1026 session_id=0




More information about the list mailing list