ICMP Queue overflow

Microsoft.Windows.RemoteAccess.Monitor.DA_DOSP_HEURISTIC_INBOUND_RATE_LIMIT_ICMPv6 (UnitMonitor)

Network Security ICMP Queue Overflow Warning.

Knowledge Base article:

Summary

Network Security ICMP Queue Overflow Warning.

Causes

The Inbound Rate Limit Discarded ICMPv6 Packets/sec counter has exceeded a defined threshold. View this counter under IPsec DOS Protection in Performance Monitor. This counter specifies the rate at which ICMPv6 packets are received on a public adapter and discarded because they exceeded the rate limit for ICMPv6 packets per second.

Resolutions

Monitor the server for signs of a spoofing attack.

Element properties:

Target: Microsoft.Windows.RemoteAccess.Class.NetworkSecurity
Parent Monitor: System.Health.SecurityState
Category: Custom
Enabled: True
Alert Generate: True
Alert Severity: Error
Alert Priority: Normal
Alert Auto Resolve: True
Monitor Type: Microsoft.Windows.RemoteAccess.Monitor.Heuristic.MonitorType
Remotable: True
Accessibility: Public
Alert Message:
ICMP Queue Overflow

Error Description - {0}
Error Cause - {1}
Error Resolution - {2}
RunAs: Default

Source Code:

<UnitMonitor ID="Microsoft.Windows.RemoteAccess.Monitor.DA_DOSP_HEURISTIC_INBOUND_RATE_LIMIT_ICMPv6" Accessibility="Public" Enabled="true" Target="Microsoft.Windows.RemoteAccess.Class.NetworkSecurity" ParentMonitorID="Health!System.Health.SecurityState" Remotable="true" Priority="Normal" TypeID="Microsoft.Windows.RemoteAccess.Monitor.Heuristic.MonitorType" ConfirmDelivery="true">
  <Category>Custom</Category>
  <AlertSettings AlertMessage="Microsoft.Windows.RemoteAccess.Monitor.DA_DOSP_HEURISTIC_INBOUND_RATE_LIMIT_ICMPv6_AlertMessageResourceID">
    <AlertOnState>Warning</AlertOnState>
    <AutoResolve>true</AutoResolve>
    <AlertPriority>Normal</AlertPriority>
    <AlertSeverity>Error</AlertSeverity>
    <AlertParameters>
      <AlertParameter1>$Data/Context/DataItem/Property[@Name='ErrorDesc']$</AlertParameter1>
      <AlertParameter2>$Data/Context/DataItem/Property[@Name='ErrorCause']$</AlertParameter2>
      <AlertParameter3>$Data/Context/DataItem/Property[@Name='ErrorResolution']$</AlertParameter3>
    </AlertParameters>
  </AlertSettings>
  <OperationalStates>
    <OperationalState ID="UIGeneratedOpStateId17e350f508454824aa931121a9c8f5ae" MonitorTypeStateID="Error" HealthState="Error"/>
    <OperationalState ID="UIGeneratedOpStateId31d2a0c38fe944e9a167fecfe05c9f7a" MonitorTypeStateID="Warning" HealthState="Warning"/>
    <OperationalState ID="UIGeneratedOpStateIdbad4304875d0475cac4850c0f8d87091" MonitorTypeStateID="Healthy" HealthState="Success"/>
  </OperationalStates>
  <Configuration>
    <Interval>300</Interval>
    <SyncTime/>
    <ComponentName>Network Security</ComponentName>
    <HeuristicId>2147745800</HeuristicId>
  </Configuration>
</UnitMonitor>