ALM-3276800105 An Attack Source Is Detected and the Source Interface of Attack Packets to Error-Down State
Description
SECE/4/STRACK_ERROR_DOWN: OID [OID] Interface's status is changed to error-down because an attack is detected, Interface [OCTET].
The system detected an attack source and set the source interface of the attack packets to error-down state.
Attribute
|
Alarm ID |
Alarm Severity |
Alarm Type |
|---|---|---|
|
3276800105 |
Warning |
securityServiceOrMechanismViolation(10) |
Parameters
|
Name |
Meaning |
|---|---|
|
OID |
Indicates the MIB object ID of the alarm. |
|
Interface |
Indicates the access interface of the attacker. |
Impact on the System
The interface in error-down state cannot work.
Possible Causes
The device received a large number of packets from the interface, and the rate of received packets exceeded the alarm threshold specified by the auto-defend threshold command to identify an attack. Therefore, the device identified the interface as an attack source. By default, the alarm threshold is 60 pps.
Procedure
- Run the display auto-defend attack-source detail command to check the detected attack source and check whether it is an authorized user.
- If the interface is attacked and it connects to only one user, you do not need to take any actions because the attack has been blocked. Go to Step 5.
- If the interface connects to multiple users and some users initiate attacks, you can configure attack source tracing and set the action taken on attack packets to deny, or configure a traffic policy to discard attack packets.
- If only entries exist on the interface or entries cannot be determined, collect device configurations, alarms, and logs, and then contact technical support personnel.
- End.
Related Information
None
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
