What are the Threat IDs for Packet Based Attacks associated with Zone Protection?
Environment
All PAN-OS
Answer
The following is the list of active threat IDs for scan and flood protection associated with Zone Protection. The entire threat ID range allotted to these events is 8700-8799.
Threat-ID 8721
This event detects that the source or destination address of the network packet is an unspecified address, or an address reserved for future definition and use, as specified in RFC 3513 for IPv6.
Threat-ID 8722
This event detects a TCP split handshake, where both the client and the server of a TCP connection send a SYN packet to each other simultaneously.
Threat-ID 8723
This event detects a TCP SYN packet that carries a payload while no TCP Fast Open option is present.
Threat-ID 8724
This event detects a TCP SYN-ACK packet that carries a payload while no TCP Fast Open option is present.
Threat-ID 8725
This event detects and strips the TCP Fast Open option (and data payload, if any) from the TCP SYN or SYN-ACK packet during a TCP three-way handshake.
Threat-ID 8726
This event detects the presence of fragmented IP packets.
Threat-ID 8727
This event detects attempts at IP address spoofing.
Threat-ID 8728
This event detects attempts to launch a ping of death DoS attack.
Threat-ID 8729
This event detects the presence of ICMP packets that are larger than 1024 bytes.
Threat-ID 8730
This event detects the presence of ICMP fragments.
Threat-ID 8731
This event detects the presence of an error message embedded within ICMP packets.
Threat-ID 8732
This event is triggered when a TCP packet is encountered that does not belong to an existing session. Any new session is expected to begin with a SYN packet; a non-SYN packet that matches no existing session is dropped.
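As an added illustration, not part of the original article or of PAN-OS itself, the following Python model applies the detection conditions listed above to a simplified packet record and reports which threat IDs would fire. The Packet fields, the sample values, and the use of Python's ipaddress reserved-range list as a stand-in for the RFC 3513 reserved space are assumptions of this example.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address
from typing import Set


@dataclass
class Packet:
    """Constructed, simplified packet model for the checks below."""
    src: str
    dst: str
    proto: str                          # "tcp" or "icmp"
    fragment: bool = False              # IP fragment (MF set or non-zero offset)
    tcp_flags: Set[str] = field(default_factory=set)  # e.g. {"SYN"} or {"SYN", "ACK"}
    payload_len: int = 0                # bytes of data after the transport header
    tcp_fast_open: bool = False         # TCP Fast Open option present
    icmp_len: int = 0                   # total ICMP packet length in bytes
    icmp_embedded_error: bool = False   # ICMP packet carries an embedded error message
    in_session: bool = False            # matches an existing session in the state table


def is_unspecified_or_reserved_v6(addr: str) -> bool:
    """Threat 8721 condition. ipaddress.is_reserved approximates the RFC 3513
    'reserved for future definition' space; '::' is the unspecified address."""
    a = ip_address(addr)
    return a.version == 6 and (a.is_unspecified or a.is_reserved)


def zone_protection_threats(pkt: Packet) -> Set[int]:
    """Return the set of Zone Protection threat IDs this packet would trigger."""
    hits: Set[int] = set()
    if is_unspecified_or_reserved_v6(pkt.src) or is_unspecified_or_reserved_v6(pkt.dst):
        hits.add(8721)
    if pkt.fragment:
        hits.add(8726)                  # any fragmented IP packet
    if pkt.proto == "tcp":
        if pkt.tcp_flags == {"SYN"} and pkt.payload_len > 0 and not pkt.tcp_fast_open:
            hits.add(8723)              # SYN with payload, no TFO option
        if pkt.tcp_flags == {"SYN", "ACK"} and pkt.payload_len > 0 and not pkt.tcp_fast_open:
            hits.add(8724)              # SYN-ACK with payload, no TFO option
        if not pkt.in_session and "SYN" not in pkt.tcp_flags:
            hits.add(8732)              # non-SYN packet outside any existing session
    elif pkt.proto == "icmp":
        if pkt.icmp_len > 1024:
            hits.add(8729)              # oversized ICMP
        if pkt.fragment:
            hits.add(8730)              # ICMP fragment
        if pkt.icmp_embedded_error:
            hits.add(8731)              # error message embedded in ICMP
    return hits
```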
Additional Information
All of these threat IDs have a severity of informational, and their default action is alert.