Why did the ProxySG appliance log display the 'Blocking client IP address [IP-address], exceeded request failure limit' message in the event log?


<< Back to Knowledge Search

Solution

Overview

Example:

 2011-01-01 01:11:11+09:00JST  "Blocking client IP address *.*.*.*, exceeded request failure limit "

This message is logged by the attack-detection feature because the ProxySG appliance detected and blocked client communication from an IP address host.

If that message is found in the event log, the appliance has received a large number of packets from another host intentionally or accidentally. You can be relatively certain that the appliance has been attacked.

For details of the client-side attack detection, refer to the following KB articles: KB3401 or FAQ315.

The attack detection feature is only configurable using the CLI. Check the software configuration in the sysinfo file or enter:

#(config attack-detection) view configuration

This command displays how the appliance handles such traffic from outside of the appliance.

 

Cause
Resolution
Workaround
Additional Information
Bug Number
InQuira Doc IdFAQ1755
Attachment

Article Feedback

Hide Properties
First Published      10/01/2014
Last Modified      10/01/2014
Last Published      10/01/2014
Article Audience
Product      ProxySG
Article Number      000016129
Summary     
Was this helpful?
Comments:
 
Previous MonthNext Month
SunMonTueWedThuFriSat