dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
7907
kiarash
join:2014-09-07

kiarash

Member

Zywall USG 20W - Maximum sessions per host 91.154.6.119

Hi,

I have Zywall USG20W, recently I getting the following message on my logs, source is from 91.154.6.119 and Destintion is my WAN port of the router and its access is getting blocked, any idea what is this?

Maximum sessions per host (1000) was exceeded. [count=127]
91.154.6.119
kiarash

kiarash

Member

Click for full size
Attached the snapshot of my router logs in JPEG,

Brano
I hate Vogons
MVM
join:2002-06-25
Burlington, ON
(Software) OPNsense
Ubiquiti UniFi UAP-AC-PRO
Ubiquiti NanoBeam M5 16

1 edit

Brano

MVM

If you had left the destination IP and mainly destination port in the picture we could have tried to assess what kind of connection possibly attack this is.

However, it's strange that max. is set to 1000 as I see default on (USG50) is unlimited.

Router> show session-limit status
session-limit status: off
limit of maximum sessions per host: 0

You can de-activate is by
# no session-limit activate
frantid
join:2014-09-14
iceland

frantid to kiarash

Member

to kiarash
Under Security Policy, Session control on the web interface is where you can set the limit -- if you don't want to use the cli. My default was set at 1000 on the usg40.
Sentinel
Premium Member
join:2001-02-07
Florida

Sentinel to kiarash

Premium Member

to kiarash
This may be (another) dumb question but ... can't we just uncheck 'enable session limit' altogether? I Mean if you are using this in a small home network environment?

Brano
I hate Vogons
MVM
join:2002-06-25
Burlington, ON

1 recommendation

Brano

MVM

Yes, sure for small network where you don't have crazy bit-torrent users or gamers I'd un-check it or set to unlimited.
kiarash
join:2014-09-07

kiarash

Member

Well, I not running any Bit torrent, I even turned off all my computers except one which is I'm 100% sure that is clean (none of my computers is infected, scanned them all)

I'm guessing that I'm getting attacked from outside of the US, someone is trying to hack my router as 2 out of 3 are from outside of the US which I don't do business with.

Called Charter my internet provider and they said they can't block them either.

Brano
I hate Vogons
MVM
join:2002-06-25
Burlington, ON

Brano

MVM

Again, if you showed us the destination ports we could do some guessing as of what attack is that.
kiarash
join:2014-09-07

kiarash

Member

Dentition is my WAN IP address, I'm not going to list my WAN IP address on the internet post.

Imagine my IP address is 166.10.10.10, now how can you help?

Brano
I hate Vogons
MVM
join:2002-06-25
Burlington, ON

Brano

MVM

Yes, but what port? 166.10.10.10:xxx - what is the xxx?
Brano

Brano

MVM

If the port is not in session log, it's in firewall log.
kiarash
join:2014-09-07

kiarash

Member

There is no port at the end is just the IP address of my WAN