Forum Discussion

adiezma_1656's avatar
adiezma_1656
Icon for Nimbostratus rankNimbostratus
Dec 21, 2011

Alert Critical in LCD display

Hi !

 

 

I have a problem with the LCD display of my f5

 

Displays a message that says: " Blocking DoS Attack" and also a red light appears on the alert.

 

Where is the log to show me information about this alert?

 

 

Thanks a lot!

 

 

Antonio

 

  • is this related?

     

     

    sol4611: Overview of adaptive reaping

     

    http://support.f5.com/kb/en-us/solutions/public/4000/600/sol4611.html
  • That's it!

     

     

    In the log appears

     

     

    Dec 21 08:46:28 local/tmm1 warning tmm1[9309]: 011e0002:4: sweeper_update: aggressive mode activated. (174174/204800 pages)

     

    Dec 21 08:46:30 local/tmm1 warning tmm1[9309]: 011e0002:4: sweeper_update: aggressive mode deactivated. (173655/204800 pages)

     

    Dec 21 10:26:43 local/tmm5 warning tmm5[9313]: 011e0002:4: sweeper_update: aggressive mode activated. (174114/204800 pages)

     

    Dec 21 10:26:44 local/tmm5 warning tmm5[9313]: 011e0002:4: sweeper_update: aggressive mode deactivated. (173436/204800 pages)

     

     

    Thank you again!!!

     

     

    Antonio.

     

     

    SOLVED
  • Ops,

     

     

    The message has been re-played on the LCD display.

     

     

    Do you know any way to fix it?, Raising thresholds?

     

     

    Regards

     

     

    Antonio
  • Do you know any way to fix it?, Raising thresholds?i think the correct way is to determine whether it is a real attack or something wrong in configuration e.g. idle timeout is too long, etc. if it is the attack, block it somehow e.g. firewall, irule, etc.
  • The F5 gives me these messages only referring to blocking DoS attack. Is there another reliable way to know whether or not an attack? With the information I get the F5, I can not determine whether or not an attack
  • i suggest opening a support case. support engineer should be able to help in looking into statistics and logs.

     

     

    there is no standard procedure but i usually check performance graph, virtual server counter, counter on external device such as firewall, switch, etc.

     

     

    hope this helps.