Netstat IDS/-k report

Displays information about intrusion detection services.

TSO syntax

>>---NETSTAT IDS--| Modifier |--| Target |--| Output |---------><

Modifier

>>-+--------------------+--------------------------------------><
   +-SUMmary------------+   
   '-PROTOcol--protocol-'   

SUMmary
Displays summary information about intrusion detection services.
PROTOcol protocol
Displays information about intrusion detection services for the specified protocol. The valid protocols are TCP and UDP.

Target

Provide the report for a specific TCP/IP address space by using TCp tcpname. See The Netstat command target for more information about the TCp parameter.

Output

The default output option displays the output on the user's terminal. For other options, see The TSO NETSTAT command syntax or Netstat command output.

z/OS UNIX syntax

>>---netstat -k--| Modifier |--| Target |--| Output |----------><

Modifier

>>-+--------------------+--------------------------------------><
   +-SUMmary------------+   
   '-PROTOcol--protocol-'   

SUMmary
Displays summary information about intrusion detection services.
PROTOcol protocol
Displays information about intrusion detection services for the specified protocol. The valid protocols are TCP and UDP.

Target

Provide the report for a specific TCP/IP address space by using -p tcpname. See The Netstat command target for more information about the TCp parameter.

Output

The default output option displays the output to z/OS UNIX shell stdout. For other options, see The z/OS UNIX netstat command syntax or Netstat command output.

Command syntax examples

From TSO environment

NETSTAT IDS
NETSTAT IDS SUMMARY
NETSTAT IDS PROTOCOL TCP
NETSTAT IDS PROTOCOL UDP

From UNIX shell environment

   netstat -k
   netstat -k SUMMARY
   netstat -k PROTOCOL TCP
   netstat -k PROTOCOL UDP

Report examples

The following examples were generated by using the TSO NETSTAT command. The z/OS UNIX netstat command displays the data in the same format as the TSO NETSTAT command.

Not IPv6 enabled example (SHORT format):

NETSTAT IDS
MVS TCP/IP NETSTAT CS V2R1       TCPIP Name: TCPCS           11:51:44     
Intrusion Detection Services Summary:                                      
Scan Detection:                                                            
  GlobRuleName: ScanGlobal-rule                                            
  IcmpRuleName: ScanEventIcmp-rule                                         
  TotDetected:  0           DetCurrPlc: 0          
  DetCurrInt:   0           Interval:   60         
  SrcIPsTrkd:   0           StrgLev:    00000      
Attack Detection:                                  
  Malformed Packets                                
    PlcRuleName: AttackMalformed-rule              
    TotDetected: 11          DetCurrPlc: 8         
    DetCurrInt:  0           Interval:   0         
  OutBound RAW Restrictions                        
    PlcRuleName: AttackOutboundRaw-rule            
    TotDetected: 0           DetCurrPlc: 0         
    DetCurrInt:  0           Interval:   0         
  Restricted Protocols                             
    PlcRuleName: AttackIPprot-rule                 
    TotDetected: 4           DetCurrPlc: 2         
    DetCurrInt:  0           Interval:   0         
  Restricted IP Options                            
    PlcRuleName: AttackIPopt-rule                   
    TotDetected: 64          DetCurrPlc: 10         
    DetCurrInt:  0           Interval:   0     
  ICMP Redirect Restrictions                   
    PlcRuleName: AttackICMPRedirect-rule       
    TotDetected: 10          DetCurrPlc: 4     
    DetCurrInt:  0           Interval:   0     
  IP Fragment Restrictions                     
    PlcRuleName: AttackIpFragment-rule         
    TotDetected: 4           DetCurrPlc: 2     
    DetCurrInt:  0           Interval:   0     
  UDP Perpetual Echo                           
    PlcRuleName: AttackPerpEcho-rule                      
    TotDetected: 32          DetCurrPlc: 10     
    DetCurrInt:  0           Interval:   0     
  Floods                                       
    PlcRuleName: AttackFlood-rule              
    TotDetected: 3           DetCurrPlc: 2     
    DetCurrInt:  0           Interval:   5      
  Data Hiding                                                                    
    PlcRuleName: AttackDataHiding-rule                                           
    TotDetected: 8           DetCurrPlc: 0                                       
    DetCurrInt:  0           Interval:   0                                       
  TCP Queue Size                                                                 
    PlcRuleName: AttackTCPQueSz-rule                                             
    TotDetected: 27          DetCurrPlc: 4                                       
    DetCurrInt:  0           Interval:   0                                       
  Global TCP Stall                                                               
    PlcRuleName: AttackTCPStall-rule                                             
    TotDetected: 1           DetCurrPlc: 0                                       
    DetCurrInt:  0           Interval:   0 
  EE LDLC Check
    PlcRuleName: EE_Attack-LDLC
    TotDetected: 3           DetCurrPlc: 3
    DetCurrInt: 0            Interval:   60
  EE Malformed Packet
    PlcRuleName: EE_Attack-Malformed
    TotDetected: 0           DetCurrPlc: 0
    DetCurrInt:  0           Interval:   0
  EE Port Check
    PlcRuleName: EE_Attack-Port
    TotDetected: 2           DetCurrPlc: 2
    DetCurrInt:  0           Interval:   60
  EE XID Flood
    PlcRuleName: EE_Attack-XID
    TotDetected: 0           DetCurrPlc: 0
    DetCurrInt:  0           Interval:   60
Traffic Regulation:                            
  TCP                                          
    ConnRejected: 3           PlcActive: Y                               
  UDP                                                                    
    PckDiscarded: 0           PlcActive: Y                               
Active Global Conditions:                                                        
  ServersInConnFlood: 5                                                          
  TCPStalledConns: 345            TCPStalledConnsPct: 14
Active Interface Floods:                                                  
  IntfName: ETH1                                                         
    DiscardCnt: 1828        DiscardRate: 57   Duration: 68               
Intrusion Detection Services TCP Port List:                              
TcpListeningSocket: 0.0.0.0..23                                        
  ScStat: C  ScRuleName: ids-rule7                             
  TrStat: C  TrRuleName: ids-rule1                                       
  TrPortInst: Y  TrCorr: 0           MxApp: 0           MxHst: 3         
  SynFlood:   N  ConnFlood: N                                                          
Intrusion Detection Services UDP Port List:                              
UdpDestSocket: 9.39.69.147..909                                 
  ScStat: C  ScRuleName: ids-rule7                              
  TrStat: C  TrRuleName: *NONE*                                      
  TrCorr: 0           Discarded: 0                             

NETSTAT IDS SUMMARY
MVS TCP/IP NETSTAT CS V2R1       TCPIP Name: TCPCS           11:51:44     
Intrusion Detection Services Summary:                                      
Scan Detection:                                                            
  GlobRuleName: ScanGlobal-rule                                            
  IcmpRuleName: ScanEventIcmp-rule                                         
  TotDetected:  0           DetCurrPlc: 0          
  DetCurrInt:   0           Interval:   60         
  SrcIPsTrkd:   0           StrgLev:    00000      
Attack Detection:                                  
  Malformed Packets                                
    PlcRuleName: AttackMalformed-rule              
    TotDetected: 11          DetCurrPlc: 8         
    DetCurrInt:  0           Interval:   0         
  OutBound RAW Restrictions                        
    PlcRuleName: AttackOutboundRaw-rule            
    TotDetected: 0           DetCurrPlc: 0         
    DetCurrInt:  0           Interval:   0         
  Restricted Protocols                             
    PlcRuleName: AttackIPprot-rule                 
    TotDetected: 4           DetCurrPlc: 2         
    DetCurrInt:  0           Interval:   0         
  Restricted IP Options                            
    PlcRuleName: AttackIPopt-rule                   
    TotDetected: 64          DetCurrPlc: 10         
    DetCurrInt:  0           Interval:   0     
  ICMP Redirect Restrictions                   
    PlcRuleName: AttackICMPRedirect-rule       
    TotDetected: 10          DetCurrPlc: 4     
    DetCurrInt:  0           Interval:   0     
  IP Fragment Restrictions                     
    PlcRuleName: AttackIpFragment-rule         
    TotDetected: 4           DetCurrPlc: 2     
    DetCurrInt:  0           Interval:   0     
  UDP Perpetual Echo                           
    PlcRuleName: AttackPerpEcho-rule                      
    TotDetected: 32          DetCurrPlc: 10     
    DetCurrInt:  0           Interval:   0     
  Floods                                       
    PlcRuleName: AttackFlood-rule              
    TotDetected: 3           DetCurrPlc: 2     
    DetCurrInt:  0           Interval:   5     
  Data Hiding                                                                    
    PlcRuleName: AttackDataHiding-rule                                           
    TotDetected: 8           DetCurrPlc: 0                                       
    DetCurrInt:  0           Interval:   0                                       
  TCP Queue Size                                                                 
    PlcRuleName: AttackTCPQueSz-rule                                             
    TotDetected: 27          DetCurrPlc: 4                                       
    DetCurrInt:  0           Interval:   0                                       
  Global TCP Stall                                                               
    PlcRuleName: AttackTCPStall-rule                                             
    TotDetected: 1           DetCurrPlc: 0                                       
    DetCurrInt:  0           Interval:   0  
  EE LDLC Check
    PlcRuleName: EE_Attack-LDLC
    TotDetected: 3           DetCurrPlc: 3
    DetCurrInt:  0           Interval:   60
  EE Malformed Packet
    PlcRuleName: EE_Attack-Malformed
    TotDetected: 0           DetCurrPlc: 0
    DetCurrInt:  0           Interval:   0
  EE Port Check
    PlcRuleName: EE_Attack-Port
    TotDetected: 2           DetCurrPlc: 2
    DetCurrInt:  0           Interval:   60
  EE XID Flood
    PlcRuleName: EE_Attack-XID
    TotDetected: 0           DetCurrPlc: 0
    DetCurrInt:  0           Interval:   60
Traffic Regulation:                            
  TCP                                          
    ConnRejected: 3           PlcActive: Y                               
  UDP                                                                    
    PckDiscarded: 0           PlcActive: Y                               
Active Global Conditions:                                                        
  ServersInConnFlood: 5                                                          
  TCPStalledConns: 345            TCPStalledConnsPct: 14
Active Interface Floods:                                                  
  IntfName: ETH1                                                         
    DiscardCnt: 1828        DiscardRate: 57   Duration: 68               

NETSTAT IDS PROTOCOL TCP
MVS TCP/IP NETSTAT CS V2R1       TCPIP Name: TCPCS           11:51:44     
Intrusion Detection Services TCP Port List:                     
TcpListeningSocket: 0.0.0.0..23                                        
  ScStat: C  ScRuleName: ids-rule7                             
  TrStat: C  TrRuleName: ids-rule1                                       
  TrPortInst: Y  TrCorr: 0           MxApp: 0           MxHst: 3         
  SynFlood:   N  ConnFlood: N                      

NETSTAT IDS PROTOCOL UDP
MVS TCP/IP NETSTAT CS V2R1       TCPIP Name: TCPCS           11:51:44     
Intrusion Detection Services UDP Port List:                              
UdpDestSocket: 9.39.69.147..909                                 
  ScStat: C  ScRuleName: ids-rule7                              
  TrStat: C  TrRuleName: *NONE*                                      
  TrCorr: 0           Discarded: 0   

IPv6 enabled or request for LONG format:

NETSTAT IDS                                                                          
MVS TCP/IP NETSTAT CS V2R1       TCPIP Name: TCPCS           11:51:44               
Intrusion Detection Services Summary:                                                
Scan Detection:                                                                      
  GlobRuleName:   ScanGlobal-rule                                                    
  IcmpRuleName:   ScanEventIcmp-rule                                                 
  Icmpv6RuleName: ScanEventIcmpv6-rule                                               
  TotDetected:  0           DetCurrPlc: 0                                            
  DetCurrInt:   0           Interval:   60                                           
  SrcIPsTrkd:   0           StrgLev:    00000                                        
Attack Detection:                                                                    
  Malformed Packets                                                                  
    PlcRuleName: AttackMalformed-rule                                                
    TotDetected: 11          DetCurrPlc: 8                                           
    DetCurrInt:  0           Interval:   0                                           
  OutBound IPv4 RAW Restrictions                                                     
    PlcRuleName: AttackOutboundRaw-rule                                              
    TotDetected: 0           DetCurrPlc: 0                                           
    DetCurrInt:  0           Interval:   0                                           
  Restricted IPv4 Protocols                                                          
    PlcRuleName: AttackIPprot-rule                                                   
    TotDetected: 4           DetCurrPlc: 2                                           
    DetCurrInt:  0           Interval:   0                                           
  Restricted IPv4 Options                                                            
    PlcRuleName: AttackIPopt-rule                                                    
    TotDetected: 64          DetCurrPlc: 10                                          
    DetCurrInt:  0           Interval:   0                                           
  ICMP Redirect Restrictions                                                         
    PlcRuleName: AttackICMPRedirect-rule                                             
    TotDetected: 10          DetCurrPlc: 4                                           
    DetCurrInt:  0           Interval:   0                                           
  IP Fragment Restrictions                                                           
    PlcRuleName: AttackIpFragment-rule                                               
    TotDetected: 4           DetCurrPlc: 2                                           
    DetCurrInt:  0           Interval:   0                                           
  UDP Perpetual Echo                                                                 
    PlcRuleName: AttackPerpEcho-rule                                                 
    TotDetected: 32          DetCurrPlc: 10                                          
    DetCurrInt:  0           Interval:   0                                           
  Floods                                                                             
    PlcRuleName: AttackFlood-rule                                                    
    TotDetected: 3           DetCurrPlc: 2                                           
    DetCurrInt:  0           Interval:   5                                           
  Data Hiding                                                                        
    PlcRuleName: AttackDataHiding-rule                                               
    TotDetected: 8           DetCurrPlc: 0                                           
    DetCurrInt:  0           Interval:   0                                           
  TCP Queue Size                                                                     
    PlcRuleName: AttackTCPQueSz-rule                                                 
    TotDetected: 27          DetCurrPlc: 4                                           
    DetCurrInt:  0           Interval:   0                                           
  Global TCP Stall                                                                   
    PlcRuleName: AttackTCPStall-rule                                                 
    TotDetected: 1           DetCurrPlc: 0                                           
    DetCurrInt:  0           Interval:   0                                           
  EE LDLC Check                                                               
    PlcRuleName: EEAttack-LDLC                                        
    TotDetected: 3           DetCurrPlc: 3                                    
    DetCurrInt:  0           Interval:   60                                   
  EE Malformed Packet                                                         
    PlcRuleName: EEAttack-Malformed                                          
    TotDetected: 0           DetCurrPlc: 0                                    
    DetCurrInt:  0           Interval:   60                                   
  EE Port Check                                                               
    PlcRuleName: EE_Attack-Port                                               
    TotDetected: 2           DetCurrPlc: 2                                    
    DetCurrInt:  0           Interval:   60                                   
  EE XID Flood                                                                
    PlcRuleName: EE_Attack-XID                                                
    TotDetected: 0           DetCurrPlc: 0
    DetCurrInt:  0           Interval:   60                                   
  OutBound IPv6 RAW Restrictions                                                     
    PlcRuleName: AttackOutboundv6Raw-rule                                            
    TotDetected: 0           DetCurrPlc: 0                                           
    DetCurrInt:  0           Interval:   0                                           
  Restricted IPv6 Next Headers                                                       
    PlcRuleName: AttackNextHdr-rule                                                  
    TotDetected: 30          DetCurrPlc: 4                                           
    DetCurrInt:  0           Interval:   0                                           
  Restricted IPv6 Destination Options                                                
    PlcRuleName: AttackDestOpts-rule                                                 
    TotDetected: 15          DetCurrPlc: 2                                           
    DetCurrInt:  0           Interval:   0                                           
  Restricted IPv6 Hop-by-Hop Options                                                 
    PlcRuleName: AttackHopOpts-rule                                                  
    TotDetected: 3           DetCurrPlc: 1                                           
    DetCurrInt:  0           Interval:   0                                           
Traffic Regulation:                                                                  
  TCP                                                                                
    ConnRejected: 3           PlcActive: Y                                           
  UDP                                                                                
    PckDiscarded: 0           PlcActive: Y                                           
Active Global Conditions:                                                            
  ServersInConnFlood: 5                                                             
  TCPStalledConns: 345            TCPStalledConnsPct: 14                            
Active Interface Floods:                                                      
  IntfName: ETH1                                                                     
        DiscardCnt: 1828        DiscardRate: 57   Duration: 68                       
Intrusion Detection Services TCP Port List:                        
TcpListeningSocket: 0.0.0.0..23                                    
  ScStat: C  ScRuleName: ids-rule7                                 
  TrStat: C  TrRuleName: ids-rule1                                 
  TrPortInst: Y  TrCorr: 0           MxApp: 0           MxHst: 3   
  SynFlood:   N  ConnFlood: N                                      
TcpListeningSocket: 2001:db8::9:67:115:66..21                      
  ScStat: C  ScRuleName: ids-rule7                                 
  TrStat: C  TrRuleName: ids-rule1                                 
  TrPortInst: Y  TrCorr: 0           MxApp: 1           MxHst: 2   
  SynFlood:   N  ConnFlood: N                                      
Intrusion Detection Services UDP Port List:                        
UdpDestSocket: 9.39.69.147..909                                    
  ScStat: C  ScRuleName: ids-rule7                                 
  TrStat: C  TrRuleName: *NONE*                                    
  TrCorr: 0           Discarded: 0                                 
UdpDestSocket: 2001:db8::9:67:115:78..911                          
  ScStat: C  ScRuleName: ids-rule7                                 
  TrStat: C  TrRuleName: *NONE*                                    
  TrCorr: 0           Discarded: 0                                 
                    
NETSTAT IDS SUMMARY                                                              
MVS TCP/IP NETSTAT CS V2R1       TCPIP Name: TCPCS           11:51:44           
Intrusion Detection Services Summary:                                            
Scan Detection:                                                                  
  GlobRuleName:   ScanGlobal-rule                                                
  IcmpRuleName:   ScanEventIcmp-rule                                             
  Icmpv6RuleName: ScanEventIcmpv6-rule                                           
  TotDetected:  0           DetCurrPlc: 0                                        
  DetCurrInt:   0           Interval:   60                                       
  SrcIPsTrkd:   0           StrgLev:    00000                                    
Attack Detection:                                                                
  Malformed Packets                                                              
    PlcRuleName: AttackMalformed-rule                                            
    TotDetected: 11          DetCurrPlc: 8                                       
    DetCurrInt:  0           Interval:   0                                       
  OutBound IPv4 RAW Restrictions                                                 
    PlcRuleName: AttackOutboundRaw-rule                                          
    TotDetected: 0           DetCurrPlc: 0                                       
    DetCurrInt:  0           Interval:   0                                       
  Restricted IPv4 Protocols                                                      
    PlcRuleName: AttackIPprot-rule                                               
    TotDetected: 4           DetCurrPlc: 2                                       
    DetCurrInt:  0           Interval:   0                                       
  Restricted IPv4 Options                                                        
    PlcRuleName: AttackIPopt-rule                                                
    TotDetected: 64          DetCurrPlc: 10                                      
    DetCurrInt:  0           Interval:   0                                       
  ICMP Redirect Restrictions                                                     
    PlcRuleName: AttackICMPRedirect-rule                                         
    TotDetected: 10          DetCurrPlc: 4                                       
    DetCurrInt:  0           Interval:   0                                       
  IP Fragment Restrictions                                                       
    PlcRuleName: AttackIpFragment-rule                                           
    TotDetected: 4           DetCurrPlc: 2                                       
    DetCurrInt:  0           Interval:   0                                       
  UDP Perpetual Echo                                                             
    PlcRuleName: AttackPerpEcho-rule                                             
    TotDetected: 32          DetCurrPlc: 10                                      
    DetCurrInt:  0           Interval:   0                                       
  Floods                                                                         
    PlcRuleName: AttackFlood-rule                                                
    TotDetected: 3           DetCurrPlc: 2                                       
    DetCurrInt:  0           Interval:   5                                       
  Data Hiding                                                                    
    PlcRuleName: AttackDataHiding-rule                                           
    TotDetected: 8           DetCurrPlc: 0                                       
    DetCurrInt:  0           Interval:   0                                       
  TCP Queue Size                                                                 
    PlcRuleName: AttackTCPQueSz-rule                                             
    TotDetected: 27          DetCurrPlc: 4                                       
    DetCurrInt:  0           Interval:   0                                       
  Global TCP Stall                                                               
    PlcRuleName: AttackTCPStall-rule                                             
    TotDetected: 1           DetCurrPlc: 0                                       
    DetCurrInt:  0           Interval:   0                                       
  EE LDLC Check                                                                  
    PlcRuleName: EE_Attack-LDLC
    TotDetected: 3           DetCurrPlc: 3                                       
    DetCurrInt:  0           Interval:   1                                       
  EE Malformed Packet                                                            
    PlcRuleName: EE_Attack-Malformed                                             
    TotDetected: 0           DetCurrPlc: 2                                       
    DetCurrInt:  0           Interval:   0                                       
  EE Port Check                                                                  
    PlcRuleName: EE_Attack-Port                                                  
    TotDetected: 2           DetCurrPlc: 2                                       
    DetCurrInt:  0           Interval:   60                                      
  EE XID Flood                                                                   
    PlcRuleName: EE_Attack-XID                                                   
    TotDetected: 0           DetCurrPlc: 0                                       
    DetCurrInt:  0           Interval:   60                                      
  OutBound IPv6 RAW Restrictions                                                 
    PlcRuleName: AttackOutboundv6Raw-rule                                        
    TotDetected: 0           DetCurrPlc: 0                                       
    DetCurrInt:  0           Interval:   0                                       
  Restricted IPv6 Next Headers                                                   
    PlcRuleName: AttackNextHdr-rule                                              
    TotDetected: 30          DetCurrPlc: 4                                       
    DetCurrInt:  0           Interval:   0                                       
  Restricted IPv6 Destination Options                                            
    PlcRuleName: AttackDestOpts-rule                                             
    TotDetected: 15          DetCurrPlc: 2                                       
    DetCurrInt:  0           Interval:   0                                       
  Restricted IPv6 Hop-by-Hop Options                                             
    PlcRuleName: AttackHopOpts-rule                                              
    TotDetected: 3           DetCurrPlc: 1                                       
    DetCurrInt:  0           Interval:   0                                       
Traffic Regulation:                                                              
  TCP                                                                            
    ConnRejected: 3           PlcActive: Y                                       
  UDP                                                                            
    PckDiscarded: 0           PlcActive: Y                                       
Active Global Conditions:                                                        
  ServersInConnFlood: 5                                                          
  TCPStalledConns: 345        TCPStalledConnsPct: 14                             
Active Interface Floods:                                                         
  IntfName: ETH1                                                                 
    DiscardCnt: 1828        DiscardRate: 57   Duration: 68                       

NETSTAT IDS PROTOCOL TCP
MVS TCP/IP NETSTAT CS V2R1       TCPIP Name: TCPCS           11:51:44           
Intrusion Detection Services TCP Port List:                                      
TcpListeningSocket: 0.0.0.0..23                                                  
  ScStat: C  ScRuleName: ids-rule7                                               
  TrStat: C  TrRuleName: ids-rule1                                               
  TrPortInst: Y  TrCorr: 0           MxApp: 0           MxHst: 3
  SynFlood:   N  ConnFlood: N
TcpListeningSocket: 2001:db8::9:67:115:66..21                                    
  ScStat: C  ScRuleName: ids-rule7                                               
  TrStat: C  TrRuleName: ids-rule1                                               
  TrPortInst: Y  TrCorr: 0           MxApp: 1           MxHst: 2
  SynFlood:   N  ConnFlood: N

NETSTAT IDS PROTOCOL UDP
MVS TCP/IP NETSTAT CS V2R1       TCPIP Name: TCPCS           11:51:44    
Intrusion Detection Services UDP Port List:                               
UdpDestSocket: 9.39.69.147..909                                           
  ScStat: C  ScRuleName: ids-rule7                                        
  TrStat: C  TrRuleName: *NONE*                                           
  TrCorr: 0           Discarded: 0                                        
UdpDestSocket: 2001:db8::9:67:115:78..911                                 
  ScStat: C  ScRuleName: ids-rule7                                        
  TrStat: C  TrRuleName: *NONE*                                           
  TrCorr: 0           Discarded: 0                                        
                                                                          

Report field descriptions

SUMmary
Display summary information about intrusion detection services. The following describes the information displayed by the SUMmary option.
  • For Scan Detection:

    This section displays the following scan detection information. See Intrusion detection services in z/OS Communications Server: IP Configuration Guide for detailed information about IDS scan support.

    GlobRuleName
    The Global Scan rule name or *NONE* if scan detection is not active.
    IcmpRuleName
    The Scan ICMP rule name or *NONE* if ICMP scan event policy is not active.
    Icmpv6RuleName
    The Scan ICMPv6 rule name or *NONE* if ICMPv6 scan event policy is not active.
    TotDetected
    The number of scans detected since the TCP stack was started.
    DetCurrPlc
    The number of scans detected since the last Scan Global policy change.
    DetCurrInt
    The number of scans detected in the current scan interval.
    Interval
    The length of the internal scan interval used to detect scans. This value is either 30 seconds or 60 seconds depending on the fast scan interval specified in the policy.
    SrcIPsTrkd
    The number of source IP addresses currently being monitored by scan detection.
    StrgLev
    The amount of private storage, in megabytes, that scan detection is using. This value is calculated at each internal interval. If 0 is shown, this indicates that no storage is currently in use for scan detection. 0M indicates that less than 1 MB of storage is in use.
  • For Attack Detection:

    This section displays the following information for each attack type. See Intrusion Detection Services in z/OS Communications Server: IP Configuration Guide for detailed information about IDS attack support.

    PlcRuleName
    The attack rule name or *NONE* if no policy is active for the attack type.
    TotDetected
    The number of attacks detected since the TCP stack was started.
    DetCurrPlc
    The number of attacks detected since the last policy change.
    DetCurrInt
    The number of attacks detected in the current statistics interval. If statistics is not specified in the policy, the value of this field is 0.
    Interval
    The current statistics interval or 0 if statistics is not specified in the policy.
  • For Traffic Regulation:

    This section displays the following TCP and UDP traffic regulation information. See Intrusion detection services in z/OS Communications Server: IP Configuration Guide for detailed information about IDS traffic regulation support.

    ConnRejected
    The number of TCP connections rejected by Traffic Regulation since the TCP/IP stack was started.
    PckDiscarded
    The number of UDP packets discarded by Traffic Regulation since the TCP/IP stack was started.
    PlcActive
    Y
    Indicates that TR policy is active for at least one port in the respective protocol.
    N
    Indicates that Traffic Regulation is not active for any ports in the respective protocol.
  • For Active Global Conditions:

    Displays the following global state information related to IDS and attack protection.

    ServersInConnFlood
    The number of TCP servers that are currently under a potential connection flood attack. A server is considered under a potential connection flood attack when backlog queue expansion is required to handle the incoming connection requests. When more than 25 servers are under a potential connection flood attack, no server's backlog queue will be allowed to expand. This is an action taken to protect TCP/IP stack resources. There is no IDS configuration associated with this protection.
    TCPStalledConns
    The number of TCP connections whose send data flow is currently stalled. The send data flow is considered stalled if one or more of the following conditions are true:
    • The TCP send window size is less than 256 or is less than the smaller of the largest send window that has been seen for the connection and the default MTU. The TCP send window size is set based on values provided by the TCP peer. The default MTU for IPv4 is 576. The default MTU for IPv6 is 1280.
    • The TCP send queue is full and the data is not being retransmitted.
    TCPStalledConnsPct
    The percentage of active TCP connections whose send data flow is currently stalled. If IDS attack type Global TCP Stall is configured, a global TCP stall condition is detected when the send data flow of at least 50% of the active TCP connections is stalled and at least 1000 TCP connections are active.
  • For Active Interface Floods:

    This section is displayed only if one or more interface floods are in progress. Interface flood discard counts and rates are updated at one-minute intervals.

    IntfName
    The name of the interface that is currently experiencing an interface flood condition.
    DiscardCnt
    The number of inbound packets discarded or not processed since the interface flood was detected.
    DiscardRate
    The percentage of discarded packets detected on the interface since the interface flood was detected.
    Duration
    The number of seconds since the interface flood was detected.
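The thresholds described for Active Global Conditions and Active Interface Floods can be checked mechanically against captured SUMMARY output. The following is an added example, not part of the original documentation or of z/OS Communications Server; the function names and the sample values are constructed, and the active connection count is an estimate because the report does not display it.

```python
import re

# Constructed sample in the layout of the SUMMARY report sections described above.
SAMPLE = """\
Active Global Conditions:
  ServersInConnFlood: 27
  TCPStalledConns: 1400       TCPStalledConnsPct: 56
Active Interface Floods:
  IntfName: ETH1
    DiscardCnt: 1828        DiscardRate: 57   Duration: 68
  IntfName: ETH2
    DiscardCnt: 40          DiscardRate: 3    Duration: 125
"""

FIELD = re.compile(r"(\w+):\s*(\S+)")

def parse_conditions(report):
    """Return (global condition fields, list of per-interface flood dicts)."""
    glob, floods, section = {}, [], None
    for line in report.splitlines():
        if not line.startswith(" "):          # unindented line is a section header
            section = line.strip().rstrip(":")
            continue
        pairs = FIELD.findall(line)
        if section == "Active Global Conditions":
            glob.update((k, int(v)) for k, v in pairs)
        elif section == "Active Interface Floods":
            for k, v in pairs:
                if k == "IntfName":           # each IntfName starts a new flood entry
                    floods.append({"IntfName": v})
                elif floods:
                    floods[-1][k] = int(v)
    return glob, floods

def assess(glob, floods):
    """Apply the documented thresholds and return human-readable notes."""
    notes = []
    if glob.get("ServersInConnFlood", 0) > 25:
        notes.append("backlog queue expansion is disabled for all servers")
    pct, stalled = glob.get("TCPStalledConnsPct", 0), glob.get("TCPStalledConns", 0)
    # Assumption: active connections are estimated from the stalled count and percentage.
    est_active = stalled * 100 // pct if pct else 0
    if pct >= 50 and est_active >= 1000:
        notes.append(f"global TCP stall thresholds met (~{est_active} active connections)")
    for f in floods:
        notes.append(f"interface flood on {f['IntfName']}: {f['DiscardRate']}% discarded over {f['Duration']}s")
    return notes
```

The stall note only reports that both thresholds are met; an IDS event is raised only when attack type Global TCP Stall is configured in policy.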
PROTOcol protocol
Display information about intrusion detection services for the specified protocol. The valid protocols are TCP and UDP.

The following describes the information displayed for the selected protocol. The information is displayed by destination IP address and port, and only for applications that have IDS-related information, for example when Traffic Regulation or Scan Detection policy is active for the application. For TCP, the data is also shown if the application is currently experiencing a SYN flood.

TcpListeningSocket
The destination IP address and port.
ScStat
The currency of ScRuleName. This field can have the following values:
C
Indicates ScRuleName shows the most recent Scan event rule for this application.
S
Indicates policy has changed and ScRuleName might not yet reflect the change.
ScRuleName
The Scan Event rule associated with this application or *NONE*.
TrStat
The currency of TrRuleName. This field can have the following values:
C
Indicates TrRuleName shows the most recent Traffic Regulation rule for this application.
S
Indicates policy has changed and TrRuleName might not yet reflect the change.
TrRuleName
The Traffic Regulation rule associated with this application or *NONE*.
TrPortInst
If TrRuleName is shown:
Y
Indicates that TCP traffic regulation was configured to limit by each socket (also known as limit by port instance). This data applies only to this application.
N
Indicates that TCP traffic regulation was not configured to limit by each socket. The MxApp and MxHst information applies to all applications using this port that do not have a separate rule that was configured to limit by each socket.
TrCorr
The traffic regulation constrained state correlator. A value of 0 indicates the application is not constrained.
MxHst
The number of connections rejected since the last policy change due to a source IP exceeding the percentage of available connections allowed for a single source IP.
MxApp
The number of connections rejected since the last policy change because the total number of connections was exceeded.
SynFlood
Indicates if the application is currently experiencing a SYN flood. A server is considered under a SYN flood attack when connection requests are being discarded because the backlog queue is full and cannot be expanded any further.
Y
Indicates a SYN flood is in progress.
N
Indicates a SYN flood is not in progress.
ConnFlood
Indicates if the application is currently experiencing a potential connection flood. A server is considered under a potential connection flood attack when backlog queue expansion is required to handle the incoming connection requests. The point where a potential connection flood attack is detected is based on the initial size of the backlog queue. A small initial backlog queue (for example, 10 entries) is allowed to expand twice before the server is considered under attack, while a server with a large initial backlog queue (for example, 500 entries) can expand once, up to a maximum of 768 entries, before it is considered under attack.
Y
Indicates a potential connection flood is in progress.
N
Indicates a potential connection flood is not in progress.
UdpDestSocket
The destination IP address and port.
Discarded
The total number of packets discarded since the last policy change because the queue size configured for UDP traffic regulation was exceeded.
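The per-socket fields of the PROTOCOL TCP and PROTOCOL UDP reports can be parsed and triaged as follows. This is an added example, not part of the original documentation or of z/OS Communications Server; the function names are assumptions, and the sample is constructed from the report layout shown earlier with some values changed (TrStat S, a nonzero TrCorr, flood flags set to Y) to exercise each condition.

```python
import re

# Constructed sample in the layout of the PROTOCOL TCP report shown earlier.
SAMPLE = """\
Intrusion Detection Services TCP Port List:
TcpListeningSocket: 0.0.0.0..23
  ScStat: C  ScRuleName: ids-rule7
  TrStat: S  TrRuleName: ids-rule1
  TrPortInst: Y  TrCorr: 0           MxApp: 0           MxHst: 3
  SynFlood:   N  ConnFlood: N
TcpListeningSocket: 2001:db8::9:67:115:66..21
  ScStat: C  ScRuleName: ids-rule7
  TrStat: C  TrRuleName: ids-rule1
  TrPortInst: Y  TrCorr: 7           MxApp: 1           MxHst: 2
  SynFlood:   Y  ConnFlood: Y
"""

FIELD = re.compile(r"(\w+):\s*(\S+)")
SOCKET_KEYS = ("TcpListeningSocket", "UdpDestSocket")

def parse_ports(report):
    """Return one dict per socket entry; address and port split on the last '..'."""
    entries = []
    for line in report.splitlines():
        key, _, rest = line.strip().partition(":")
        if key in SOCKET_KEYS:
            addr, port = rest.strip().rsplit("..", 1)   # safe for IPv6 '::' too
            entries.append({"addr": addr, "port": int(port)})
        elif entries and line.startswith(" "):
            entries[-1].update(FIELD.findall(line))
    return entries

def findings(entry):
    """Map field values to the conditions the field descriptions define."""
    out = []
    if entry.get("SynFlood") == "Y":
        out.append("SYN flood in progress")
    if entry.get("ConnFlood") == "Y":
        out.append("potential connection flood in progress")
    if entry.get("TrCorr", "0") != "0":
        out.append("traffic regulation constrained, correlator " + entry["TrCorr"])
    for stat, rule in (("ScStat", "ScRuleName"), ("TrStat", "TrRuleName")):
        if entry.get(stat) == "S":
            out.append(rule + " might not reflect the latest policy")
    for counter in ("MxApp", "MxHst", "Discarded"):
        if int(entry.get(counter, 0)) > 0:
            out.append(f"{counter}={entry[counter]} since last policy change")
    return out
```

The same two functions handle UdpDestSocket entries, where only TrCorr and Discarded appear on the counter line.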