Have you identified what machine is sending these SYN packets (ip 10.0.0.1)? I have heard of some applications trying to initiate several connections at a time. Have you introduced any new machines/PC to the network recently? How long have you been seeing these messages?
I would first of all protect your network against SYN flood attacks as your network is currently wide open, given the configuration you posted. The following config will help minimize your exposure to a SYN flood attack.
set connection conn-max 100
set connection embryonic-conn-max 200
set connection per-client-embryonic-max 7
set connection per-client-max 5
set connection random-sequence-number enable
set connection timeout embryonic 0:0:45
The below link goes more in depth on attack mitigation and might be worth you reading.
Posting this for anyone interested in using a Raspberry PI as a flow collector for Stealthwatch. We created a very lightweight version of our software. It can create flows if the eth port is attached to a SPAN or you can forward NetFlow/IPFIX ...
Dear Team Suppose we have hundreds of rules in access policy on cisco fmc device. Now I want to fetch all access policy rules in which I have mentioned some specific port number X. Can anyone help me with the process to fetch the same?
Greetings everyone, Happy New Year! I would like to thank you all for making our ISE demos in dCloud a great success!
The ISE instant demo has been in the top 5 of Enterprise demos for a long time now and recently just moved into the #1 and 2 slots...
User Experience Enhancements
As part of the Cisco Common User Experience program, we are working towards a more uniform user experience and terminology alignment. This program runs across all Cisco security products.
A More Intuitive Cognitiv...