Fortinet Document Library

Botnet C&C IP blocking

New Features

6.4.0

IP definitions database merged into the internet service database

The IP definitions database (IPDB, previously known as the IRDB) is merged into the internet service database (ISDB, also known as FFDB). Botnet C&C IP blocking now uses the ISDB as a source.

In the License Information table at System > FortiGuard, Botnet IPs and Internet Service Database Definitions have the same database version.

Updating object versions

When updating object versions in the CLI, Botnet IPs is not listed. Internet-service Database Apps and Internet-service Database Maps are listed, and show the version for Botnet IPs and Internet Service Database Definitions.

# diagnose autoupdate version

......

Internet-service Database Apps
---------
Version: 7.00528
Contract Expiry Date: n/a
Last Updated using scheduled update on Fri Mar 13 12:48:18 2020
Last Update Attempt: Fri Mar 13 16:48:10 2020
Result: No Updates

Internet-service Database Maps
---------
Version: 7.00528
Contract Expiry Date: n/a
Last Updated using scheduled update on Fri Mar 13 12:48:18 2020
Last Update Attempt: Fri Mar 13 16:48:10 2020
Result: No Updates
......

Update debug messages

In FortiOS 6.4 update debug messages, there is no query for the IBDB object:

6.4.0:

pack_obj[196]-Packing obj=Protocol=3.2|Command=Update|Firmware=FG200E-FW-6.04-1565|SerialNumber=FG200E4Q17900126|UpdateMethod=0|AcceptDelta=1|DataItem=06004000APDB00105-00015.00795-2003120019*06004000AVDB00201-00075.01892-2003131320*06004000AVDB00701-00075.01892-2003131320*06004000MMDB00101-00075.01916-2003131321*06004000FLDB00201-00075.01893-2003131325*06004000DBDB00100-00002.00450-2003131322*06004000NIDS02505-00015.00795-2003120019*06004000ISDB00105-00000.00000-0101010000*06004000MUDB00103-00002.00581-2003130417*06004000CIDB00000-00001.00096-2003131527*06004000IPGO00000030492003122111*00000000FCNI00000-00000.00000-0000000000*00000000FDNI00000-00000.00000-0000000000*01000000FSCI00100-00000.00000-0000000000*06004000AVEN02800-00006.00144-2002220146*06004000FLEN06700-00006.00012-2003110118*06004000FLEN05000-00001.00009-1906061402*06004000FFDB00307-00007.00528-2003131142*06004000FFDB00407-00007.00528-2003131142*06004000UWDB00100-00002.00709-2003131105*06004000CRDB00000-00001.00015-1907031016*06004000SFAS00000-00003.00000-2002130915*06004000MCDB00100-00001.00254-2003091200*02000000FNSD00000-00000.00008-0000000000

6.2.3:

pack_obj[192]-Packing obj=Protocol=3.2|Command=Update|Firmware=FG200E-FW-6.02-1093|SerialNumber=FG200E4Q17904482|UpdateMethod=0|AcceptDelta=1|DataItem=06002000APDB00104-00015.00795-2003120019*06002000AVDB00201-00075.02861-2003120945*06002000MMDB00101-00075.01920-2003131421*06002000IBDB00101-00004.00634-2003111709*06002000DBDB00100-00002.00450-2003131322*06002000NIDS02504-00015.00795-2003120019*06002000ISDB00104-00015.00795-2003120019*06002000MUDB00103-00002.00581-2003130417*06002000CIDB00000-00001.00097-2003091749*06002000IPGO00000030492003122111*00000000FCNI00000-00000.00000-0000000000*00000000FDNI00000-00000.00000-0000000000*01000000FSCI00100-00000.00000-0000000000*06002000AVEN02800-00006.00144-2002220146*06002000FLEN07300-00005.00203-2002242346*06002000FLEN05000-00001.00009-1906061402*06002000FFDB00306-00007.00528-2003131137*06002000FFDB00406-00007.00528-2003131137*06002000UWDB00100-00002.00709-2003131105*06002000CRDB00000-00001.00015-1907031016*06002000SFAS00000-00002.00033-1911121935*06002000MCDB00100-0
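The two request lines above can be compared mechanically rather than by eye. The following is an added example, not Fortinet code: it splits a pack_obj line into its key=value fields, breaks DataItem into per-object entries, and answers whether a given object (such as IBDB) is requested and which version it carries. The entry layout (8-digit prefix, 4-letter object id, 5-digit subtype, optional version and YYMMDDhhmm stamp) is inferred from the samples and is an assumption; the sample lines are abridged copies with placeholder serial numbers.

```python
import re
from typing import Dict, List, Optional

# Constructed, abridged copies of the two pack_obj lines above (serial numbers
# replaced with a placeholder); only a few DataItem entries are kept.
PACK_640 = ("pack_obj[196]-Packing obj=Protocol=3.2|Command=Update|Firmware=FG200E-FW-6.04-1565"
            "|SerialNumber=FGXXXXXXXXXXXXXX|UpdateMethod=0|AcceptDelta=1|DataItem="
            "06004000APDB00105-00015.00795-2003120019*06004000ISDB00105-00000.00000-0101010000"
            "*06004000IPGO00000030492003122111*06004000FFDB00307-00007.00528-2003131142"
            "*06004000FFDB00407-00007.00528-2003131142")
PACK_623 = ("pack_obj[192]-Packing obj=Protocol=3.2|Command=Update|Firmware=FG200E-FW-6.02-1093"
            "|SerialNumber=FGXXXXXXXXXXXXXX|UpdateMethod=0|AcceptDelta=1|DataItem="
            "06002000APDB00104-00015.00795-2003120019*06002000IBDB00101-00004.00634-2003111709"
            "*06002000FFDB00306-00007.00528-2003131137*06002000FFDB00406-00007.00528-2003131137")

# Assumed layout, inferred from the samples (not documented on this page):
# <8-digit prefix><4-letter object id><5-digit subtype>[-<major>.<minor>-<YYMMDDhhmm>]
ITEM_RE = re.compile(
    r"^(?P<prefix>\d{8})(?P<obj>[A-Z]{4})(?P<sub>\d{5})"
    r"(?:-(?P<major>\d{5})\.(?P<minor>\d{5})-(?P<stamp>\d{10}))?\d*$")

def parse_pack_obj(line: str) -> Dict[str, str]:
    """Split the 'key=value|key=value' payload after 'Packing obj=' into a dict."""
    _, sep, payload = line.partition("Packing obj=")
    if not sep:
        raise ValueError("not a pack_obj line")
    return dict(field.split("=", 1) for field in payload.split("|"))

def data_items(line: str) -> List[Dict[str, Optional[str]]]:
    """One dict per DataItem entry; unparseable entries are kept with obj=None."""
    items: List[Dict[str, Optional[str]]] = []
    for raw in parse_pack_obj(line).get("DataItem", "").split("*"):
        m = ITEM_RE.match(raw)
        items.append(m.groupdict() if m else {"obj": None, "raw": raw})
    return items

def requested_objects(line: str) -> List[str]:
    """Object ids the device asks FortiGuard about, in request order (may repeat)."""
    return [it["obj"] for it in data_items(line) if it["obj"]]

def display_version(line: str, obj: str) -> Optional[str]:
    """Version of the first entry for obj, in the form the GUI shows (00007.00528 -> 7.00528)."""
    for it in data_items(line):
        if it["obj"] == obj and it.get("major"):
            return f"{int(it['major'])}.{it['minor']}"
    return None
```

Running requested_objects over the 6.4.0 line shows no IBDB entry while the 6.2.3 line has one, and display_version for FFDB returns the same 7.00528 that diagnose autoupdate version prints.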

Diagnosing botnet IPs

Botnet IPs can be diagnosed with the following CLI command:

# diagnose sys botnet-ip {hit | list | find | flush}

Command                        Description
hit                            Show botnet IP entry hit count data.
list                           List botnet IP entries.
find <ip> <port> <protocol>    Find botnet IP entries. Enter the IP address, port number, and protocol number to search the entries.
flush                          Flush botnet IP entry hit count data.
