Network Security Queue Overflow Warning
This might indicate a Denial of Service (DoS) attack or a spike in server load. The Inbound Rate Limit Discarded IPv6 IPsec Authenticated Packets/sec counter has exceeded a defined threshold. View this counter under IPsec DOS Protection in Performance Monitor. The counter specifies the rate at which authenticated IKEv1, IKEv2, AuthIP, or ESP IPv6 packets are received on a public adapter and discarded because they exceed the rate limit for IPv6 IPsec authenticated packets per second. An authenticated packet is an IPsec packet with an associated state entry. A state entry is a pair of IPv6 addresses that is authorized to pass through from a public to an internal adapter.
Check the server for indications of an authenticated attack. If an attack is detected, use mitigation measures to stop it.
| Property | Value |
| --- | --- |
| Target | AP.Remote.Access.Class.NetworkSecurity |
| Parent Monitor | System.Health.SecurityState |
| Category | Custom |
| Enabled | True |
| Alert Generate | True |
| Alert Severity | Error |
| Alert Priority | Normal |
| Alert Auto Resolve | True |
| Monitor Type | AP.Remote.Access.Monitor.HeuristicMonitorType |
| Remotable | True |
| Accessibility | Public |
| Alert Message | |
| RunAs | Default |
<UnitMonitor ID="AP.Remote.Access.Monitor.DA_DOSP_HEURISTIC_INBOUND_RATE_LIMIT_IPSEC_AUTH" Accessibility="Public" Enabled="true" Target="AP.Remote.Access.Class.NetworkSecurity" ParentMonitorID="Health!System.Health.SecurityState" Remotable="true" Priority="Normal" TypeID="AP.Remote.Access.Monitor.HeuristicMonitorType" ConfirmDelivery="true">
  <Category>Custom</Category>
  <AlertSettings AlertMessage="AP.Remote.Access.Monitor.DA_DOSP_HEURISTIC_INBOUND_RATE_LIMIT_IPSEC_AUTH_AlertMessageResourceID">
    <AlertOnState>Warning</AlertOnState>
    <AutoResolve>true</AutoResolve>
    <AlertPriority>Normal</AlertPriority>
    <AlertSeverity>Error</AlertSeverity>
    <AlertParameters>
      <AlertParameter1>$Data/Context/DataItem/Property[@Name='ErrorDesc']$</AlertParameter1>
      <AlertParameter2>$Data/Context/DataItem/Property[@Name='ErrorCause']$</AlertParameter2>
      <AlertParameter3>$Data/Context/DataItem/Property[@Name='ErrorResolution']$</AlertParameter3>
    </AlertParameters>
  </AlertSettings>
  <OperationalStates>
    <OperationalState ID="DA_DOSP_HEURISTIC_INBOUND_RATE_LIMIT_IPSEC_AUTH_Error" MonitorTypeStateID="Error" HealthState="Error"/>
    <OperationalState ID="DA_DOSP_HEURISTIC_INBOUND_RATE_LIMIT_IPSEC_AUTH_Warning" MonitorTypeStateID="Warning" HealthState="Warning"/>
    <OperationalState ID="DA_DOSP_HEURISTIC_INBOUND_RATE_LIMIT_IPSEC_AUTH_Success" MonitorTypeStateID="Healthy" HealthState="Success"/>
  </OperationalStates>
  <Configuration>
    <Interval>300</Interval>
    <SyncTime/>
    <ComponentName>Network Security</ComponentName>
    <HeuristicId>2147745801</HeuristicId>
    <Debug>false</Debug>
  </Configuration>
</UnitMonitor>