Check to verify if a DoS attack is underway
A Denial of Service (DoS) attack might be underway.
1. IPsec has entered a DoS condition. This might indicate a DoS attack or a spike in the server load.
2. A high percentage of traffic was dropped because it failed security validation, and might constitute a potential attack on the server.
3. A large number of Security Associations (SAs) have failed negotiations.
A Denial of Service (DoS) attack might be underway. Take steps to mitigate the possible attack.
| Property | Value |
| --- | --- |
| Target | Microsoft.Windows.RemoteAccess.2012.R2.Class.NetworkSecurity |
| Parent Monitor | System.Health.SecurityState |
| Category | Custom |
| Enabled | True |
| Alert Generate | True |
| Alert Severity | Error |
| Alert Priority | Normal |
| Alert Auto Resolve | True |
| Monitor Type | Microsoft.Windows.RemoteAccess.2012.R2.Monitor.HeuristicMonitorType |
| Remotable | True |
| Accessibility | Public |
| Alert Message | |
| RunAs | Default |
<UnitMonitor ID="Microsoft.Windows.RemoteAccess.2012.R2.Monitor.DA_DOSP_HEURISTIC_DOS_ATTACK" Accessibility="Public" Enabled="true" Target="Microsoft.Windows.RemoteAccess.2012.R2.Class.NetworkSecurity" ParentMonitorID="Health!System.Health.SecurityState" Remotable="true" Priority="Normal" TypeID="Microsoft.Windows.RemoteAccess.2012.R2.Monitor.HeuristicMonitorType" ConfirmDelivery="true">
  <Category>Custom</Category>
  <AlertSettings AlertMessage="Microsoft.Windows.RemoteAccess.2012.R2.Monitor.DA_DOSP_HEURISTIC_DOS_ATTACK_AlertMessageResourceID">
    <AlertOnState>Warning</AlertOnState>
    <AutoResolve>true</AutoResolve>
    <AlertPriority>Normal</AlertPriority>
    <AlertSeverity>Error</AlertSeverity>
    <AlertParameters>
      <AlertParameter1>$Data/Context/DataItem/Property[@Name='ErrorDesc']$</AlertParameter1>
      <AlertParameter2>$Data/Context/DataItem/Property[@Name='ErrorCause']$</AlertParameter2>
      <AlertParameter3>$Data/Context/DataItem/Property[@Name='ErrorResolution']$</AlertParameter3>
    </AlertParameters>
  </AlertSettings>
  <OperationalStates>
    <OperationalState ID="UIGeneratedOpStateId737cf8448d424e9cb45d482db8429aa7" MonitorTypeStateID="Error" HealthState="Error"/>
    <OperationalState ID="UIGeneratedOpStateId15056a17fb4141da99b3c97097d81d88" MonitorTypeStateID="Warning" HealthState="Warning"/>
    <OperationalState ID="UIGeneratedOpStateId01f181b0a0ce4f8cb3fc52cae28b656e" MonitorTypeStateID="Healthy" HealthState="Success"/>
  </OperationalStates>
  <Configuration>
    <Interval>300</Interval>
    <SyncTime/>
    <ComponentName>Network Security</ComponentName>
    <HeuristicId>2147745796</HeuristicId>
  </Configuration>
</UnitMonitor>