DOS Messages Don't Make Sense

Unanswered Question
Feb 25th, 2010

I have a Cisco 851 router and have been getting a steady stream of "getting aggressive" and "calming down" messages.  Here are a couple examples:

-ALERT_ON: getting aggressive, count (2/200) current 1-min rate: -1        
Feb 24 20:55:52 cisco_firewall 32902: 032898: *Feb 24 21:33:24.612 PCTime: %FW-4
-ALERT_OFF: calming down, count (2/80) current 1-min rate: 0                   
Feb 24 21:05:15 dlink_firewall EFW: USAGE: conns=1 if0=core ip0=127.0.0.1 tp0=0.
00 if1=LAN ip1=192.168.9.199 tp1=0.00 if2=WAN ip2=74.212.145.255 tp2=0.00 if3=DM
Z ip3=10.0.0.5 tp3=0.00                                                       

Here are my settings:

one-minute (sampling period) thresholds are [2745 : 3432] connections
max-incomplete sessions thresholds are [80 : 200]                   
max-incomplete tcp connections per host is 50. Block-time 0 minute.

From what little I understand I should only get the "aggressive" message if the number of half-open sessions exceeds 200.  Yet there are only 2 and we still get the message.

Can anyone shed any light on this?

Ray Peck

Building Industry Credit Association

[email protected]

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion