Flood Detection (8910001)
Freshman Member
Hello.
Today I've visited LOG on my ZyWall 100, and saw warning lines:
Today I've visited LOG on my ZyWall 100, and saw warning lines:
Category: ADP
from Any to ZyWALL, [type=Flood-Detection(8910001)] TCP Flood TCP Flood Action: Block Severity: medium [count=2]
All of the floods are blocked, but there are thousands of strings in the LOG and CPU loads for 90%.
What Can I do? Give me suggestions, please.
All of the floods are blocked, but there are thousands of strings in the LOG and CPU loads for 90%.
What Can I do? Give me suggestions, please.
0
All Replies
-
Hi @follet,If it have large amount attack traffic continuously, we would suggest to disable the flooding log temporarily,because the device keep on writing the log, which will consume the CPU loading.
Assume those traffic have specific pattern, you also can try to block by IDP custom signature.
0
Guru Member
Categories
- 7.5K All Categories
- 1.5K Nebula
- 48 Nebula Ideas
- 52 Nebula Status and Incidents
- 4.2K Security
- 212 Security Ideas
- 853 Switch
- 35 Switch Ideas
- 742 WirelessLAN
- 11 WLAN Ideas
- 4.8K Consumer Product
- 124 Service & License
- 254 News and Release
- 45 Security Advisories
- 6 Education Center
- 564 FAQ
- 269 Nebula FAQ
- 129 Security FAQ
- 73 Switch FAQ
- 70 WirelessLAN FAQ
- 7 Consumer Product FAQ
- Documents
- 34 Nebula Monthly Express
- 63 About Community
- 37 Security Highlight
