Hi Guys,
I have some firewall logs showing and I just wanted clarification on what I'm seeing.
27K_11857 blocked-addr: DDoS: forward: in:ether1 - WAN1 out:ether4 - 27K --> BSB_OSPF, src-mac 00:23:3e:53:42:50, proto UDP, 192.48.79.30:53->IP.ON.OUR.NETWORK:62988, len 537
27K_11857 DDoS Blacklist: DDoS: forward: in:ether1 - WAN1 out:ether4 - 27K --> BSB_OSPF, src-mac 00:23:3e:53:42:50, proto UDP, 192.48.79.30:53->IP.ON.OUR.NETWORK:62988, len 537
The way I understand the messages is as follows.
Router Identity = 27K_11857
blocked-addr = Log Prefix
DDoS = Log Prefix
Forward = Chain
in = Port inbound
out = Port outbound
src mac = MAC of the source
Proto = Protocol
Source and Destination IPs
Len = ?? I’m unsure as to what Len means. Do you guys have any insight as to what that means?
If I have misunderstood any of the other sections, could you guys please help to educate me a little bit.
Thanks in advance guys.
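
Added example, not part of the original post: a small Python parser for the two log lines quoted above, which splits them into the fields listed and totals `len` per log prefix and source. In RouterOS firewall log entries `len` is the length of the logged packet in bytes. Treating everything between the router identity and the chain name as prefix text is an assumption made here, and the function names are hypothetical.

```python
import re
from collections import Counter

# Shape of the lines in the post: identity, prefix text, chain, interfaces,
# source MAC, protocol, src:port->dst:port, len.
# Assumption: all text between the identity and the chain name is prefix text.
LINE_RE = re.compile(
    r"^(?P<identity>\S+) (?P<prefix>.+?): (?P<chain>input|forward|output): "
    r"in:(?P<in_if>.+?) out:(?P<out_if>.+?), "
    r"src-mac (?P<src_mac>[0-9A-Fa-f:]{17}), "
    r"proto (?P<proto>[^,]+), "
    r"(?P<src>\S+):(?P<sport>\d+)->(?P<dst>\S+):(?P<dport>\d+), "
    r"len (?P<len>\d+)$"
)

# The two log lines quoted in the post, unchanged (destination is redacted there).
SAMPLE = [
    "27K_11857 blocked-addr: DDoS: forward: in:ether1 - WAN1 out:ether4 - 27K --> BSB_OSPF, "
    "src-mac 00:23:3e:53:42:50, proto UDP, 192.48.79.30:53->IP.ON.OUR.NETWORK:62988, len 537",
    "27K_11857 DDoS Blacklist: DDoS: forward: in:ether1 - WAN1 out:ether4 - 27K --> BSB_OSPF, "
    "src-mac 00:23:3e:53:42:50, proto UDP, 192.48.79.30:53->IP.ON.OUR.NETWORK:62988, len 537",
]

def parse_line(line):
    """Return the fields of one log line as a dict, or None if the shape differs
    (for example entries logged without ports)."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "len"):
        rec[key] = int(rec[key])
    return rec

def bytes_by_prefix_and_source(lines):
    """Sum len per (prefix, source IP, source port). Keyed by prefix so the same
    traffic logged under two different prefixes is not added together."""
    totals = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec:
            totals[(rec["prefix"], rec["src"], rec["sport"])] += rec["len"]
    return totals

if __name__ == "__main__":
    for rec in map(parse_line, SAMPLE):
        print(rec)
    print(bytes_by_prefix_and_source(SAMPLE))
```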