Interface flood detection disabled

To track data for interface flood detection, private storage is obtained when IDS starts monitoring an interface. If the storage cannot be obtained, IDS is not able to detect an interface flood for the interface. A console message and a syslogd message are issued to report the condition.

The following example shows the console message that is issued:

EZZ8761I IDS EVENT DETECTED 
EZZ8730I STACK TCPCS
EZZ8762I EVENT TYPE: INTERFACE FLOOD DETECTION DISABLED 
EZZ8763I CORRELATOR 20 - PROBEID 04070015 
EZZ8770I INTERFACE OSAQDIO4L 
EZZ8765I DESTINATION IP ADDRESS 5.72.107.78 - PORT 0 
EZZ8766I IDS RULE AttackFlood-rule
EZZ8767I IDS ACTION AttackLog-action

The following is an example of the syslogd message:

EZZ8658I TRMD ATTACK Interface Flood Detection Disabled:12/23/2002 20:39:35.00,
ifcname=OSAQDIO4L, dipaddr=5.72.107.78,correlator=20,probeid=04070015,
sensorhostname=MVS34.tcp.com

These messages indicate a storage constraint has prevented the initialization of interface flood detection for the interface specified in the message. Interface flood detection for other interfaces is not affected.

When the problem causing the storage constraint is resolved, the Interface Flood detection support can be activated by removing the IDS ATTACK FLOOD policy and then adding the IDS ATTACK FLOOD policy again, or by stopping and restarting the interface.