SECE_1.3.6.1.4.1.2011.5.25.165.2.2.1.5 hwStrackIPInfo

Description

SECE/4/STRACKIP: OID [oid] An attack occurred. (Interface=[OCTET], SourceIP=[OCTET], InnerVlan=[INTEGER], OuterVlan=[INTEGER], EndTime=[OCTET], TotalPackets=[INTEGER])

The system detects that a user has initiated an attack.

Attribute

Alarm ID	Alarm Severity	Alarm Type
1.3.6.1.4.1.2011.5.25.165.2.2.1.5	Warning	environmentalAlarm(6)

Parameters

Name	Meaning
OID	Indicates the MIB object ID of the alarm.
Interface	Indicates the interface connected to the attacker.
SourceIP	Indicates the source IP address of the attacker.
InnerVlan	Indicates the inner VLAN ID of packets sent from the attacker.
OuterVlan	Indicates the outer VLAN ID of packets sent from the attacker.
EndTime	Indicates the end time of the attack.
TotalPackets	Indicates the number of packets received from the attacker.

Impact on the System

The device is attacked.

Possible Causes

The source IP address-based tracing is enabled on the device, and the device detects a possible attack source.

Procedure

Run the display auto-defend attack-source detail command to check the possible attack source and check whether the system is normal according to the protocol type and packet increase rate.
If you confirm that the user has initiated the attack, add the user to the blacklist in the cpu-defend policy template so that the device will not forward the packets sent by the user to the CPU.
If you cannot confirm that the attack is initiated by this user, collect device configurations, alarms, and logs, and then contact technical support personnel.
End.

Related Information

None