Why did the ProxySG appliance log display the 'Blocking client IP address [IP-address], exceeded request failure limit' message in the event log?

Article ID: 167496

Products

ProxySG Software - SGOS

Issue/Introduction

Example:

 2011-01-01 01:11:11+09:00JST  "Blocking client IP address *.*.*.*, exceeded request failure limit "

The attack-detection feature logs this message when the ProxySG appliance detects and blocks client communication from the host at that IP address.

If this message appears in the event log, the appliance has received a large number of packets from another host, whether sent intentionally or accidentally. You can be relatively certain that the appliance has been attacked.

For details of the client-side attack detection, refer to the following KB articles: KB3401 or FAQ315.

The attack detection feature is only configurable using the CLI. Check the software configuration in the sysinfo file or enter:

#(config attack-detection) view configuration

This command displays how the appliance is configured to handle such traffic from hosts outside the appliance.
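
When triaging an exported event log, it helps to see which client addresses were blocked, how often, and over what period. The following Python sketch is an added example, not part of the original article or of any Broadcom tooling; it assumes event-log lines follow the layout of the example message above, and the names `summarize_blocks`, `repeat_clients` and `SAMPLE_LOG` are hypothetical.

```python
import ipaddress
import re
from datetime import datetime

# Layout assumed from the example line in this article: timestamp, UTC offset,
# zone name, then the quoted message. Other fields may sit in between.
BLOCK_RE = re.compile(
    r'\s*(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}[+-]\d{2}:\d{2})\S*'
    r'.*?Blocking client IP address (?P<ip>[0-9A-Fa-f:.]+), '
    r'exceeded request failure limit'
)

# Constructed sample lines (documentation addresses), not real appliance output.
SAMPLE_LOG = [
    '2011-01-01 01:11:11+09:00JST  "Blocking client IP address 192.0.2.10, exceeded request failure limit "',
    '2011-01-01 01:12:40+09:00JST  "constructed unrelated event"',
    '2011-01-01 01:25:02+09:00JST  "Blocking client IP address 198.51.100.7, exceeded request failure limit "',
    '2011-01-01 02:03:59+09:00JST  "Blocking client IP address 192.0.2.10, exceeded request failure limit "',
]

def summarize_blocks(lines):
    """Map each blocked client IP to its block count and first/last timestamps."""
    summary = {}
    for line in lines:
        m = BLOCK_RE.match(line)
        if not m:
            continue  # different event, or an address masked as *.*.*.*
        try:
            ip = str(ipaddress.ip_address(m["ip"]))
        except ValueError:
            continue  # not a parseable address, skip rather than guess
        when = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S%z")
        entry = summary.setdefault(ip, {"count": 0, "first": when, "last": when})
        entry["count"] += 1
        entry["first"] = min(entry["first"], when)
        entry["last"] = max(entry["last"], when)
    return summary

def repeat_clients(summary, min_blocks=2):
    """Client IPs blocked at least min_blocks times, most frequent first."""
    hits = [ip for ip, e in summary.items() if e["count"] >= min_blocks]
    return sorted(hits, key=lambda ip: -summary[ip]["count"])

if __name__ == "__main__":
    for ip, e in summarize_blocks(SAMPLE_LOG).items():
        print(ip, e["count"], e["first"].isoformat(), e["last"].isoformat())
```

A client that is blocked repeatedly over a long window is worth checking for a misbehaving application before treating it as hostile, since the message is logged for accidental traffic as well.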