Vendor | Cisco | SCOS | Security | Attack | Attack Detected

Symptoms

Possible DoS/DDoS traffic from source

Probable Causes

Virus/Botnet activity or malicious actions

Recommended Actions

Negotiate the source if it is your customer, or ignore

Variables

Variable	Description	Default
from_ip	From IP
to_ip	To IP
from_side	From Side
proto	Protocol
open_flows	Open Flows
suspected_flows	Suspected Flows
action	Action

Events

Opening Events

Vendor | Cisco | SCOS | Security | Attack | Attack Detected may be raised by events

Event Class	Description
Vendor | Cisco | SCOS | Security | Attack | Attack Detected	Attack Detected

Closing Events

Vendor | Cisco | SCOS | Security | Attack | Attack Detected may be cleared by events

Event Class	Description
Vendor | Cisco | SCOS | Security | Attack | End-of-attack detected	Clear Attack Detected