The Inbound Rate Limit Discarded IPv6 IPsec Unauthenticated Packets/sec counter has exceeded a defined threshold. View this counter under IPsec DOS Protection in Performance Monitor. This counter defines the rate at which unauthenticated IKEv1, IKEv2, AuthIP, or ESP IPv6 packets received on a public adapter were discarded because they exceeded the rate limit for IPv6 IPsec unauthenticated packets per second. An unauthenticated packet is an IPsec packet without an associated state entry. A state entry is a pair of IPv6 addresses that is authorized to pass through from a public to an internal adapter.
The Inbound Rate Limit Discarded IPv6 IPsec Unauthenticated Packets/sec counter has exceeded a defined threshold. View this counter under IPsec DOS Protection in Performance Monitor. This counter defines the rate at which unauthenticated IKEv1, IKEv2, AuthIP, or ESP IPv6 packets received on a public adapter were discarded because they exceeded the rate limit for IPv6 IPsec unauthenticated packets per second. An unauthenticated packet is an IPsec packet without an associated state entry. A state entry is a pair of IPv6 addresses that is authorized to pass through from a public to an internal adapter.
Possible indication of a Denial of Service (DoS) attack or a spike in the server load.
Check the server for indications of an authenticated attack. If an attack is detected, use mitigation measures to stop it.
| Target | AP.Remote.Access.Class.NetworkSecurity | ||
| Parent Monitor | System.Health.SecurityState | ||
| Category | Custom | ||
| Enabled | True | ||
| Alert Generate | True | ||
| Alert Severity | Error | ||
| Alert Priority | Normal | ||
| Alert Auto Resolve | True | ||
| Monitor Type | AP.Remote.Access.Monitor.HeuristicMonitorType | ||
| Remotable | True | ||
| Accessibility | Public | ||
| Alert Message |
| ||
| RunAs | Default |
Home<UnitMonitor ID="AP.Remote.Access.Monitor.DA_DOSP_HEURISTIC_INBOUND_RATE_LIMIT_IPSEC_UNAUTH" Accessibility="Public" Enabled="true" Target="AP.Remote.Access.Class.NetworkSecurity" ParentMonitorID="Health!System.Health.SecurityState" Remotable="true" Priority="Normal" TypeID="AP.Remote.Access.Monitor.HeuristicMonitorType" ConfirmDelivery="true">
<Category>Custom</Category>
<AlertSettings AlertMessage="AP.Remote.Access.Monitor.DA_DOSP_HEURISTIC_INBOUND_RATE_LIMIT_IPSEC_UNAUTH_AlertMessageResourceID">
<AlertOnState>Warning</AlertOnState>
<AutoResolve>true</AutoResolve>
<AlertPriority>Normal</AlertPriority>
<AlertSeverity>Error</AlertSeverity>
<AlertParameters>
<AlertParameter1>$Data/Context/DataItem/Property[@Name='ErrorDesc']$</AlertParameter1>
<AlertParameter2>$Data/Context/DataItem/Property[@Name='ErrorCause']$</AlertParameter2>
<AlertParameter3>$Data/Context/DataItem/Property[@Name='ErrorResolution']$</AlertParameter3>
</AlertParameters>
</AlertSettings>
<OperationalStates>
<OperationalState ID="DA_DOSP_HEURISTIC_INBOUND_RATE_LIMIT_IPSEC_UNAUTH_Error" MonitorTypeStateID="Error" HealthState="Error"/>
<OperationalState ID="DA_DOSP_HEURISTIC_INBOUND_RATE_LIMIT_IPSEC_UNAUTH_Warning" MonitorTypeStateID="Warning" HealthState="Warning"/>
<OperationalState ID="DA_DOSP_HEURISTIC_INBOUND_RATE_LIMIT_IPSEC_UNAUTH_Success" MonitorTypeStateID="Healthy" HealthState="Success"/>
</OperationalStates>
<Configuration>
<Interval>300</Interval>
<SyncTime/>
<ComponentName>Network Security</ComponentName>
<HeuristicId>2147745802</HeuristicId>
<Debug>false</Debug>
</Configuration>
</UnitMonitor>