Hi Bro
Yes, you should be worried but you don't have to loose your cool over this. After all, this message is informational only, but I do believe youāre seeing this message very often. This may indicate a network attack. For further details on this, please refer to this URL http://www.cisco.com/en/US/docs/ios/11_3/feature/guide/firewall.html
This message indicates that CBAC has detected and blocked DOS attacks and itās notifying you when DOS attacks occurred e.g. Aug 2 18:27 - Aug 2 18:28 (1 Minute). This is a good thing. When a pair of %FW-4-ALERT_ON and %FW-4-ALERT_OFF messages appears together, each "aggressive/calming" pair of messages indicates a separate network attack.
Iām guessing either the max-incomplete high threshold of half-open connections or the new connection initiation rate has been exceeded. This message is issued only when the max-incomplete high threshold is crossed.
To tune the values, please refer to this URL https://supportforums.cisco.com/docs/DOC-1939
P/S: If you think this comment is useful, please do rate them nicely :-)
Warm regards,
Ramraj Sivagnanam Sivajanam