OverviewThere is a DDOS attack on your network which is causing slowness and all sorts of performance issues. It might sometimes cause the Exinda to go into bypass mode and reboot.
Exinda cannot help prevent such attacks because we are not designed to be a firewall. We can help detect infected hosts and/or attackers.
Additional InformationSymptoms of a DOS/DDOS attack
1. You will see an abnormally high number of new connections per second passing through the Exinda under System - Connections graph
2. Your Exinda "might" have shutdown unexpectedly. Exinda does so, when the count for new connections per second goes beyond the amount that hardware can handle. In order to protect the state of the firmware, the device goes into a bypass state and might reboot.
Detection of hosts causing the attack.
Create a complete PDF report for the time of the attack and browse to the TCP Health section. You can also do this under Monitor - Service Levels - TCP Health.
Look for the hosts with the most number of IGNORED Connections. Generally an internal the host with the most number of ignored connections is accused of being infected hence causing an attack. Generally an external host with the most number of ignored connections is accused of being the attacker.
Once you have this information you can take an action accordingly.