Flood Detection (8910001)

follet Posts: 32
Today I visited the LOG on my ZyWall 100 and saw warning lines:

Category: ADP
from Any to ZyWALL, [type=Flood-Detection(8910001)] TCP Flood TCP Flood Action: Block Severity: medium [count=2]

All of the floods are blocked, but there are thousands of strings in the LOG and the CPU load is at 90%.

What can I do? Give me suggestions, please.

All Replies

  • Zyxel_Cooldia Posts: 1,310
     Zyxel Employee
    If there is a large amount of attack traffic continuously, we would suggest disabling the flooding log temporarily,
    because the device keeps on writing the log, which consumes CPU.

    Assuming that traffic has a specific pattern, you can also try to block it with an IDP custom signature.
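
To see how much flood traffic the ADP entries represent before the flood log is switched off, an exported copy of the log can be summarised offline. This is an added example, not part of the original thread or Zyxel's tooling: the field layout is taken from the one line quoted in the question, the `WAN` lines are constructed sample input, and counting a line without `[count=N]` as one hit is an assumption.

```python
import re
from collections import Counter

# Field layout taken from the single ADP line quoted in the post. Real exports
# may carry extra columns (time, addresses), so the pattern searches in the line.
ADP_LINE = re.compile(
    r"from (?P<src>\S+) to (?P<dst>\S+), "
    r"\[type=(?P<type>[^()\]]+)\((?P<sig>\d+)\)\]"
    r".*?Action: (?P<action>\S+) Severity: (?P<severity>\S+)"
    r"(?: \[count=(?P<count>\d+)\])?"
)


def summarize(lines):
    """Sum hits per (source zone, detection type, signature id, action).

    Returns (totals, skipped); skipped counts lines that are not ADP entries.
    """
    totals, skipped = Counter(), 0
    for line in lines:
        m = ADP_LINE.search(line)
        if m is None:
            skipped += 1
            continue
        key = (m["src"], m["type"], m["sig"], m["action"])
        # Assumption: an entry without [count=N] stands for a single hit.
        totals[key] += int(m["count"] or 1)
    return totals, skipped


# Constructed sample input: the first line is the one from the post, the rest
# are variations of it made up for this example.
_BODY = "[type=Flood-Detection(8910001)] TCP Flood TCP Flood Action: Block Severity: medium"
SAMPLE = [
    f"from Any to ZyWALL, {_BODY} [count=2]",
    f"from Any to ZyWALL, {_BODY} [count=5]",
    f"from WAN to ZyWALL, {_BODY} [count=3]",
    f"from WAN to ZyWALL, {_BODY}",
    "Category: ADP",
]

if __name__ == "__main__":
    totals, skipped = summarize(SAMPLE)
    for (src, kind, sig, action), hits in totals.most_common():
        print(f"{hits:>6}  from {src:<4} {kind}({sig}) action={action}")
    print(f"{skipped} line(s) did not match the ADP layout")
```
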
