|
kiarash
Member
2014-Oct-11 10:58 pm
Zywall USG 20W - Maximum sessions per host 91.154.6.119Hi,
I have Zywall USG20W, recently I getting the following message on my logs, source is from 91.154.6.119 and Destintion is my WAN port of the router and its access is getting blocked, any idea what is this?
Maximum sessions per host (1000) was exceeded. [count=127] 91.154.6.119 |
|
kiarash |
kiarash
Member
2014-Oct-11 11:39 pm
Attached the snapshot of my router logs in JPEG, |
|
BranoI hate Vogons MVM join:2002-06-25 Burlington, ON (Software) OPNsense Ubiquiti UniFi UAP-AC-PRO Ubiquiti NanoBeam M5 16
1 edit |
Brano
MVM
2014-Oct-12 12:04 am
If you had left the destination IP and mainly destination port in the picture we could have tried to assess what kind of connection possibly attack this is.
However, it's strange that max. is set to 1000 as I see default on (USG50) is unlimited.
Router> show session-limit status session-limit status: off limit of maximum sessions per host: 0
You can de-activate is by
# no session-limit activate
|
|
|
to kiarash
Under Security Policy, Session control on the web interface is where you can set the limit -- if you don't want to use the cli. My default was set at 1000 on the usg40. |
|
Sentinel Premium Member join:2001-02-07 Florida |
to kiarash
This may be (another) dumb question but ... can't we just uncheck 'enable session limit' altogether? I Mean if you are using this in a small home network environment? |
|
BranoI hate Vogons MVM join:2002-06-25 Burlington, ON
1 recommendation |
Brano
MVM
2014-Oct-12 3:28 pm
Yes, sure for small network where you don't have crazy bit-torrent users or gamers I'd un-check it or set to unlimited. |
|
|
Well, I not running any Bit torrent, I even turned off all my computers except one which is I'm 100% sure that is clean (none of my computers is infected, scanned them all)
I'm guessing that I'm getting attacked from outside of the US, someone is trying to hack my router as 2 out of 3 are from outside of the US which I don't do business with.
Called Charter my internet provider and they said they can't block them either. |
|
BranoI hate Vogons MVM join:2002-06-25 Burlington, ON |
Brano
MVM
2014-Oct-12 8:46 pm
Again, if you showed us the destination ports we could do some guessing as of what attack is that. |
|
|
Dentition is my WAN IP address, I'm not going to list my WAN IP address on the internet post.
Imagine my IP address is 166.10.10.10, now how can you help? |
|
BranoI hate Vogons MVM join:2002-06-25 Burlington, ON |
Brano
MVM
2014-Oct-12 9:37 pm
Yes, but what port? 166.10.10.10:xxx - what is the xxx? |
|
Brano |
Brano
MVM
2014-Oct-12 9:38 pm
If the port is not in session log, it's in firewall log. |
|
|
|
kiarash
Member
2014-Oct-12 10:39 pm
There is no port at the end is just the IP address of my WAN |
|