An administrator is examining the attack logs and notices the following entry:
device_id=FG100A3907508962 log_id=18432 subtype=anomaly type=ips
timestamp=1270017358 pri=alert itime=1270017893 severity=critical src=192.168.1.52
dst=64.64.64.64 src_int=internal serial=0 status=clear_session proto=6 service=http
vd=root count=1 src_port=35094 dst_port=80 attack_id=100663402 sensor=protect-servers
ref=http://www.fortinet.com/ids/VID100663402 msg=”anomaly: tcp_src_session, 2 >
threshold 1″ policyid=0 carrier_ep=N/A profile=N/A dst_int=N/A user=N/A group=N/A Based
solely upon this log message, which of the following statements is correct?
A.
This attack was blocked by the HTTP protocol decoder.
B.
This attack was caught by the DoS sensor “protect-servers”.
C.
This attack was launched against the FortiGate unit itself rather than a host behind the
FortiGate unit.
D.
The number of concurrent connections to destination IP address 64.64.64.64 has
exceeded the configured threshold.
Explanation: