IP.Unknown.Option

fsmar
2020/07/27 13:18:50

Hi all
 
I'm getting the following. I am also aware of what is causing it (a known internal security scan). How can I DISABLE getting notified about these "IP.Unknown.Option" alerts? Can someone point me to the right CLI commands (or GUI settings)? It's a fg200b running 5.2.13.
 
Message meets Alert condition
The following intrusion was observed: IP.Unknown.Option.
date=2020-07-25 time=21:38:55 devname=XXXXXX devid=XXXXXX logid=0720018432 type=anomaly subtype=anomaly level=alert vd="root" severity=critical srcip=XXXXXX srccountry="Reserved" dstip=XXXXXX srcintf="XXXXXX" sessionid=0 action=dropped proto=6 service=HTTP count=2 attack="IP.Unknown.Option" srcport=33753 dstport=80 attackid=108 ref="http://www.fortinet.com/ids/VID108" msg="anomaly: IP.Unknown.Option, repeats 2 times" crscore=50 crlevel=critical

 
 
#1


    fsmar
    Re: IP.Unknown.Option 2020/07/27 14:16:05
    I tried this but it didn't work (from another website):

    config ips sensor
        edit "IP.Unknown.Option"
            config entries
                edit 1
                    set rule 180
                    set log disable
                next
            end
        next
    end

    #2
    darwin_FTNT
    Re: IP.Unknown.Option 2020/07/28 22:00:52
    Hi fsmar,

    You can check the following docs:

    https://kb.fortinet.com/kb/documentLink.do?externalID=FD33609
    #3
    fsmar
    Re: IP.Unknown.Option 2020/07/29 06:28:18
    darwin
    Hi fsmar,

    You can check the following docs:

    https://kb.fortinet.com/kb/documentLink.do?externalID=FD33609

    I don't think it is the same case. Can you tell me more about it? I don't see any documentation there on how to disable these notifications.
    #4