D-Link DFL-1600 Reference Guide
2.44. THRESHOLD
These log messages refer to the THRESHOLD (Threshold rule events) category.
2.44.1. conn_threshold_exceeded (ID: 05300100)
Default Severity
Log Message
Connection threshold <description> exceeded <threshold>. Source IP:
<srcip>. Closing connection
<srcip>. Closing connection
Explanation
The source ip is opening up new connections too fast.
Gateway Action
closing_connection
Recommended Action
Investigate worms and DoS attacks.
Revision
1
Parameters
description
threshold
srcip
threshold
srcip
Context Parameters
2.44.2. reminder_conn_threshold (ID: 05300101)
Default Severity
Log Message
Reminder: Connection threshold <description> exceeded <threshold>.
Source IP: <srcip>.
Source IP: <srcip>.
Explanation
The source ip is still opening up new connections too fast.
Gateway Action
None
Recommended Action
Look through logs to see if the source ip has misbehaved in the past.
Revision
1
Parameters
description
threshold
srcip
threshold
srcip
Context Parameters
2.44.3. conn_threshold_exceeded (ID: 05300102)
Default Severity
Log Message
Connection threshold <description> exceeded <threshold>. Source IP:
<srcip>
<srcip>
Explanation
The source ip is opening up new connections too fast.
Gateway Action
None
2.44. THRESHOLD
Chapter 2. Log Message Reference
439