Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

%TCP-2-TCP_MAXESTABLISHED alert

Is there a way to verify if tcp established alert is at safe level? I can't seem to find the command to verify this. thx

1 REPLY
New Member

Re: %TCP-2-TCP_MAXESTABLISHED alert

%TCP-2-TCP_MAXESTABLISHED: Possible TCP ACK attack. Maximum established

The system counts the number of simultaneous open connections in SYN or EST states. When The count has exceeded the threshold, the system believes it is under a denial of service attack and this syslog message appears.

Recommended Action: Close traffic on the management port and determine the source of the denial of service attack.

The TCP-2-TCP_MAXESTABLISHED system message may appear during simultaneous webauth authentication with a large number of hosts.

This problem is resolved in software release 8.6(1). (CSCsf14780)

590
Views
0
Helpful
1
Replies
CreatePlease login to create content