Why did the ProxySG appliance log display the 'Blocking client IP address [IP-address], exceeded request failure limit' message in the event log?

Solution

Overview

Example:

 2011-01-01 01:11:11+09:00JST  "Blocking client IP address *.*.*.*, exceeded request failure limit "

This message is logged by the attack-detection feature because the ProxySG appliance detected and blocked client communication from an IP address host.

If that message is found in the event log, the appliance has received a large number of packets from another host intentionally or accidentally. You can be relatively certain that the appliance has been attacked.

For details of the client-side attack detection, refer to the following KB articles: KB3401 or FAQ315.

The attack detection feature is only configurable using the CLI. Check the software configuration in the sysinfo file or enter:

#(config attack-detection) view configuration

This command displays how the appliance handles such traffic from outside of the appliance.

 

Cause
Resolution
Workaround
Additional Information
Bug Number
InQuira Doc IdFAQ1755
Attachment

Article Feedback

Did this Article solve your issue?
Additional Comments:
 
Previous MonthNext Month
SunMonTueWedThuFriSat