Help
FortiDDoS
FortiDDoS protects from both known and zero day attacks with very low latency. It’s easy to deploy and manage, and includes comprehensive reporting and analysis tools.
cbenejean
Staff
Staff

Created on ‎05-30-2017 06:28 AM

Article Id 193652

Technical Note: Changes to anomalies reported in SPP-0

Description
After upgrading to 4.2.2 an increase may be seen of the packet drops with L3/L4 anomalies into the different SPP except SPP-0.

Scope
Starting from FortiDDoS v4.2.2

Solution
By design, from release 4.0.0, the following anomalies were reported in SPP-0 no matter which subnet policy/SPP they occurred in:
  • Layer 3 checksum errors
  • Layer 3 Anomalies
  • Layer 4 (TCP/UDP/ICMP) checksum errors

From 4.2.2, anomalies that allow us to determine the destination IP will be reported in the matching SPP.  For this reason an increase may be seen in the anomalies graph and logs for some of the SPPs after an upgrade to 4.2.2 or later.

Some anomalies like invalid IP versions, invalid header length, less than 20 Bytes of IPv4/IPv6 data and less than 20 Bytes of total data will still be reported in SPP-0.

411
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.