IPS logs with Attack ID 0 and Attack Name Unknown?

tanr · ‎09-05-2018

I'm seeing some IPS logs for outbound connections that show no ID or name, like so:

Attack Name Unknown Attack ID 0 Reference https://fortiguard.com/encyclopedia/ips/0

Message : ,

Event Type signature

Protocol Number 6

Type utm

Sub Type ips

Destination

IP 52.162.166.27 Host Name client-s.gateway.messenger.live.com Port 443 Destination Interface Hostname ch1-client-s.gateway.messenger.live.com URL ch1-client-s.gateway.messenger.live.com Application Protocol tcp Service P2P

Action detected

Any ideas what might be going on?

tanr · ‎09-05-2018

Forgot to add: FortiOS 5.6, Extended IPS database.

It is showing that it's using one of my specific IPS profiles, but the only P2P application listed within that profile has a proper ID.

Aleksandr_Avdiuhskin · ‎09-06-2018

Hi Tanr,

I have found same message from my reporting system.

attackid=0 ref="http://www.fortinet.com/ids/VID0"

Regards,

pal_FTNT · ‎09-06-2018

It's a known issue and the developers are already looking into it.

tanr · ‎09-07-2018

Thanks for the update. Is there a bug number to track this?

pal_FTNT · ‎09-07-2018

510539

IPS logs with Attack ID 0 and Attack Name Unknown?

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website