2015 Views | 0 Helpful | 1 Replies

Slow internet (getting aggressive, count)

martijngroenen (Level 1)

We sometimes have problems with our internet access being very slow. I have checked the log of the router and I see the following errors:

574859: Jun 22 08:53:39.112 CETDST: %FW-4-ALERT_ON: getting aggressive, count (23/500) current 1-min rate: 501
574861: Jun 22 08:55:03.793 CETDST: %FW-4-ALERT_OFF: calming down, count (2/400) current 1-min rate: 365
574862: Jun 22 08:55:56.484 CETDST: %FW-4-ALERT_ON: getting aggressive, count (24/500) current 1-min rate: 1001
574863: Jun 22 08:57:06.690 CETDST: %FW-4-ALERT_OFF: calming down, count (2/400) current 1-min rate: 214
574905: Jun 22 10:05:03.863 CETDST: %FW-4-ALERT_ON: getting aggressive, count (19/500) current 1-min rate: 501
574926: Jun 22 10:06:02.480 CETDST: %FW-4-ALERT_OFF: calming down, count (1/400) current 1-min rate: 375
574927: Jun 22 10:06:05.448 CETDST: %FW-4-ALERT_ON: getting aggressive, count (34/500) current 1-min rate: 501
575373: Jun 22 10:16:47.879 CETDST: %FW-4-ALERT_OFF: calming down, count (3/400) current 1-min rate: 399
575374: Jun 22 10:16:53.783 CETDST: %FW-4-ALERT_ON: getting aggressive, count (4/500) current 1-min rate: 501
575494: Jun 22 12:32:11.592 CETDST: %FW-4-ALERT_ON: getting aggressive, count (5/500) current 1-min rate: 501
575513: Jun 22 12:33:02.945 CETDST: %FW-4-ALERT_OFF: calming down, count (2/400) current 1-min rate: 321
575534: Jun 22 13:06:03.011 CETDST: %FW-4-ALERT_ON: getting aggressive, count (22/500) current 1-min rate: 501
575570: Jun 22 13:07:07.292 CETDST: %FW-4-ALERT_OFF: calming down, count (3/400) current 1-min rate: 390
575571: Jun 22 13:07:09.208 CETDST: %FW-4-ALERT_ON: getting aggressive, count (14/500) current 1-min rate: 501
575694: Jun 22 13:09:56.310 CETDST: %FW-4-ALERT_OFF: calming down, count (2/400) current 1-min rate: 399
575696: Jun 22 13:09:59.250 CETDST: %FW-4-ALERT_ON: getting aggressive, count (13/500) current 1-min rate: 501
576106: Jun 22 13:18:23.437 CETDST: %FW-4-ALERT_OFF: calming down, count (2/400) current 1-min rate: 337
576192: Jun 22 14:41:52.099 CETDST: %FW-4-ALERT_ON: getting aggressive, count (3/500) current 1-min rate: 501
576196: Jun 22 14:42:08.316 CETDST: %FW-4-ALERT_OFF: calming down, count (3/400) current 1-min rate: 328
576481: Jun 22 22:19:23.756 CETDST: %LINK-3-UPDOWN: Interface Virtual-Access4, changed state to up
576519: Jun 22 23:35:59.240 CETDST: %LINK-3-UPDOWN: Interface Virtual-Access4, changed state to down
577547: Jun 23 08:25:31.407 CETDST: %FW-4-ALERT_ON: getting aggressive, count (20/500) current 1-min rate: 501
577571: Jun 23 08:26:19.304 CETDST: %FW-4-ALERT_OFF: calming down, count (3/400) current 1-min rate: 372
577572: Jun 23 08:26:22.144 CETDST: %FW-4-ALERT_ON: getting aggressive, count (14/500) current 1-min rate: 501
577831: Jun 23 08:32:22.065 CETDST: %FW-3-RESPONDER_WND_SCALE_INI_NO_SCALE: Dropping packet - Invalid Window Scale option for session 192.168.10.134:49279 to 95.101.248.124:80 (Initiator scale 0 Responder scale 5)
578082: Jun 23 08:37:35.425 CETDST: %FW-4-ALERT_OFF: calming down, count (2/400) current 1-min rate: 397
578083: Jun 23 08:37:41.829 CETDST: %FW-4-ALERT_ON: getting aggressive, count (4/500) current 1-min rate: 501
578107: Jun 23 08:47:17.844 CETDST: %FW-4-ALERT_ON: getting aggressive, count (3/500) current 1-min rate: 501
578111: Jun 23 08:47:35.161 CETDST: %FW-4-ALERT_OFF: calming down, count (2/400) current 1-min rate: 396
578113: Jun 23 08:50:19.919 CETDST: %FW-4-ALERT_ON: getting aggressive, count (7/500) current 1-min rate: 501
578115: Jun 23 08:50:24.219 CETDST: %FW-4-ALERT_OFF: calming down, count (1/400) current 1-min rate: 367

The errors may indicate a possible attack (DDoS attack). I have no experience with this, but is there something I can do, or must our service provider do something?

Here is my configuration:

version 12.4
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname router00
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
logging console critical
enable secret 5 ***********
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication ppp default group radius local
aaa authorization console
aaa authorization exec default local
aaa authorization network default group radius local
!
aaa session-id common
!
resource policy
!
clock timezone CETDST 1
clock summer-time CETDST recurring last Sun Mar 2:00 last Sun Oct 3:00
!
!
ip cef
!
!
ip domain name ***********.local
ip name-server 213.75.63.36
ip name-server 213.75.63.70
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh logging events
ip ssh version 2
ip inspect name PACKETFILTER cuseeme
ip inspect name PACKETFILTER ftp
ip inspect name PACKETFILTER h323
ip inspect name PACKETFILTER netshow
ip inspect name PACKETFILTER rcmd
ip inspect name PACKETFILTER realaudio
ip inspect name PACKETFILTER rtsp
ip inspect name PACKETFILTER smtp
ip inspect name PACKETFILTER sqlnet
ip inspect name PACKETFILTER streamworks
ip inspect name PACKETFILTER tftp
ip inspect name PACKETFILTER tcp
ip inspect name PACKETFILTER udp
ip inspect name PACKETFILTER vdolive
ip inspect name PACKETFILTER icmp
vpdn enable
!
vpdn-group 1
 ! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
!
!
!
!
username *********** privilege 15 secret 5 ***********
archive
 log config
  hidekeys
!
!
policy-map pppoe_out_default_shaper
 class class-default
  shape average 9400000
!
!
!
!
!
!
interface FastEthernet0
 description Link to EVPN CPE
 no ip address
 ip nat outside
 ip inspect PACKETFILTER out
 ip virtual-reassembly
 load-interval 30
 speed 100
 full-duplex
 pppoe enable
 pppoe-client dial-pool-number 1
 no cdp enable
 service-policy output pppoe_out_default_shaper
!
interface FastEthernet1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet2
!
interface FastEthernet3
 switchport access vlan 2
!
interface FastEthernet4
 shutdown
!
interface FastEthernet5
 shutdown
!
interface FastEthernet6
 shutdown
!
interface FastEthernet7
 shutdown
!
interface FastEthernet8
 shutdown
!
interface FastEthernet9
 shutdown
!
interface Virtual-Template1
 ip unnumbered Vlan1
 peer default ip address pool VPN_IPpool
 ppp encrypt mppe auto required
 ppp authentication ms-chap ms-chap-v2
!
interface Vlan1
 description LAN
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 hold-queue 100 out
!
interface Vlan2
 description LAN
 ip address 192.168.2.5 255.255.255.0
 ip helper-address 192.168.10.2
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 hold-queue 100 out
!
interface Async1
 no ip address
 encapsulation slip
!
interface Dialer1
 description Customer Traffic PPPoE Connection
 mtu 1492
 ip address *********** ***********
 ip access-group outside_access_in in
 ip verify unicast reverse-path
 ip nat outside
 ip inspect PACKETFILTER out
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp pap sent-username *********** password 7 ***********
 ppp ipcp mask request
 ppp ipcp address accept
!
ip local pool VPN_IPpool 192.168.10.190 192.168.10.199
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
no ip http server
no ip http secure-server
ip nat inside source route-map nonat interface Dialer1 overload
ip nat inside source static tcp 192.168.10.2   *** *********** *** extendable
ip nat inside source static tcp 192.168.10.4   *** *********** *** extendable
ip nat inside source static tcp 192.168.10.4   *** *********** *** extendable
ip nat inside source static tcp 192.168.10.210 *** *********** *** extendable
ip nat inside source static tcp 192.168.10.4   *** *********** *** extendable
ip nat inside source static tcp 192.168.10.210 *** *********** *** extendable
ip nat inside source static tcp 192.168.10.4   *** *********** *** extendable
ip nat inside source static tcp 192.168.10.4   *** *********** *** extendable
ip nat inside source static tcp 192.168.10.2   *** *********** *** extendable
!
ip access-list extended inside_access_in
 permit tcp host 192.168.10.2 any eq smtp
 deny   tcp any any eq smtp
 permit ip any any
ip access-list extended outside_access_in
 deny   ip host *********** any
 deny   ip host *********** any
 deny   ip 10.0.0.0 0.255.255.255 any
 deny   ip 172.16.0.0 0.15.255.255 any
 deny   ip 192.168.0.0 0.0.255.255 any
 deny   ip any host 255.255.255.255
 permit udp any any eq non500-isakmp
 permit udp any any eq isakmp
 permit esp any any
 permit ahp any any
 permit gre any any
 permit tcp any any eq ***
 permit tcp any any eq ***
 permit tcp any any eq ***
 permit tcp any any eq ***
 permit tcp any any eq ***
 permit tcp any any eq ***
 permit tcp any any eq ***
 permit tcp any any eq ***
 permit tcp any any eq ***
 permit tcp any any eq ***
 permit tcp any any eq ***
 permit udp any any eq ***
 permit udp any any eq ***
 permit icmp any any unreachable
 permit icmp any any echo-reply
 permit icmp any any packet-too-big
 permit icmp any any time-exceeded
 permit icmp any any traceroute
 permit icmp any any administratively-prohibited
 permit icmp any any echo
 deny   ip any any log
!
logging trap debugging
access-list 105 permit ip 192.168.2.0 0.0.0.255 any
access-list 105 permit ip 192.168.10.0 0.0.0.255 any
!
!
!
route-map nonat permit 10
 match ip address 105
!
!
!
radius-server host 192.168.10.2 auth-port 1645 acct-port 1646
radius-server key 7 ***********
!
control-plane
!
!
line con 0
 exec-timeout 15 0
 transport output all
line 1
 modem InOut
 stopbits 1
 speed 115200
 flowcontrol hardware
line aux 0
 exec-timeout 15 0
 transport output all
line vty 0 4
 exec-timeout 15 0
 privilege level 15
 logging synchronous
 transport input ssh
 transport output all
!
scheduler max-task-time 5000
ntp clock-period 17180093
ntp server 91.198.174.204
ntp server 195.43.138.169
ntp server 145.24.129.5
ntp server 91.198.174.197
ntp server 85.234.224.216
!
webvpn context Default_context
 ssl authenticate verify all
 !
 no inservice
!
end

1 Reply

PETER EIJSBERG (Level 1)

Hi Martijn,

If this happens a lot, my guess is that it is not a DoS attack but just the box running out of resources. You can try to increase the "ip inspect max-incomplete" values to allow more half-open sessions to see if that improves performance.

See also https://supportforums.cisco.com/docs/DOC-1939

Hope it helps

Peter
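Whether the posted alerts point at the half-open session limit or at the connection-rate limit can be read off the messages themselves. The parser below is an added example, not code from the thread or from Cisco: it reads the `%FW-4-ALERT_ON` / `%FW-4-ALERT_OFF` lines, treats `count (n/N)` as the half-open session count against the `ip inspect max-incomplete` threshold and `current 1-min rate` as new connection attempts against the `ip inspect one-minute` threshold, pairs each ALERT_ON with the next ALERT_OFF to measure how long each episode lasted, and reports which threshold family was crossed. The threshold value of 500 is the IOS default for both families (an assumption: the posted config sets neither, so the defaults are in force). The sample input is a constructed subset of the lines quoted in the post.

```python
"""Classify Cisco IOS CBAC %FW-4-ALERT_ON / %FW-4-ALERT_OFF log lines.

Added example, not code from the thread. "count (n/N)" is read as half-open
sessions against the max-incomplete threshold and "1-min rate" as new-connection
attempts against the one-minute threshold; threshold values are IOS defaults
(an assumption: the posted config sets neither)."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

MAX_INCOMPLETE_HIGH = 500   # ip inspect max-incomplete high (IOS default, assumed)
ONE_MINUTE_HIGH = 500       # ip inspect one-minute high (IOS default, assumed)

# Matches only the two alert messages; every other syslog line is skipped.
ALERT_RE = re.compile(
    r"^\d+: (?P<mon>[A-Z][a-z]{2}) (?P<day>\d+) (?P<time>[\d:.]+) \S+: "
    r"%FW-4-(?P<kind>ALERT_ON|ALERT_OFF): .*?"
    r"count \((?P<count>\d+)/\d+\) current 1-min rate: (?P<rate>\d+)$"
)

@dataclass
class Alert:
    when: datetime      # the log carries no year; strptime fills in 1900
    kind: str           # "ALERT_ON" or "ALERT_OFF"
    half_open: int      # current half-open session count
    rate: int           # new connection attempts in the last minute

    def triggers(self) -> List[str]:
        """Thresholds an ALERT_ON line exceeded (empty for ALERT_OFF)."""
        if self.kind != "ALERT_ON":
            return []
        hits = []
        if self.half_open > MAX_INCOMPLETE_HIGH:
            hits.append("max-incomplete high")
        if self.rate > ONE_MINUTE_HIGH:
            hits.append("one-minute high")
        return hits

def parse_alerts(lines) -> List[Alert]:
    alerts = []
    for line in lines:
        m = ALERT_RE.match(line.strip())
        if not m:
            continue  # e.g. %LINK-3-UPDOWN lines are not alerts
        when = datetime.strptime(f"{m['mon']} {m['day']} {m['time']}", "%b %d %H:%M:%S.%f")
        alerts.append(Alert(when, m["kind"], int(m["count"]), int(m["rate"])))
    return alerts

def episodes(alerts: List[Alert]) -> List[Tuple[Alert, Optional[float]]]:
    """Pair each ALERT_ON with the next ALERT_OFF and return (on, seconds);
    seconds is None when another ALERT_ON arrived before the alert cleared."""
    out, pending = [], None
    for a in alerts:
        if a.kind == "ALERT_ON":
            if pending is not None:
                out.append((pending, None))
            pending = a
        elif pending is not None:
            out.append((pending, (a.when - pending.when).total_seconds()))
            pending = None
    if pending is not None:
        out.append((pending, None))
    return out

def summarize(lines) -> dict:
    alerts = parse_alerts(lines)
    ons = [a for a in alerts if a.kind == "ALERT_ON"]
    eps = episodes(alerts)
    durations = [d for _, d in eps if d is not None]
    rate_hits = sum(1 for a in ons if "one-minute high" in a.triggers())
    count_hits = sum(1 for a in ons if "max-incomplete high" in a.triggers())
    # Which ip inspect threshold family the alerts actually crossed.
    tune = {(True, True): "one-minute and max-incomplete", (True, False): "one-minute",
            (False, True): "max-incomplete", (False, False): "none"}[(rate_hits > 0, count_hits > 0)]
    return {
        "alert_on": len(ons),
        "unmatched_on": sum(1 for _, d in eps if d is None),
        "max_half_open": max((a.half_open for a in alerts), default=0),
        "max_rate": max((a.rate for a in ons), default=0),
        "rate_triggered": rate_hits,
        "count_triggered": count_hits,
        "longest_episode_s": round(max(durations, default=0.0), 3),
        "tune": tune,
    }

# Constructed sample: a subset of the lines quoted in the post plus one non-alert line.
SAMPLE_LOG = """\
574859: Jun 22 08:53:39.112 CETDST: %FW-4-ALERT_ON: getting aggressive, count (23/500) current 1-min rate: 501
574861: Jun 22 08:55:03.793 CETDST: %FW-4-ALERT_OFF: calming down, count (2/400) current 1-min rate: 365
574862: Jun 22 08:55:56.484 CETDST: %FW-4-ALERT_ON: getting aggressive, count (24/500) current 1-min rate: 1001
574863: Jun 22 08:57:06.690 CETDST: %FW-4-ALERT_OFF: calming down, count (2/400) current 1-min rate: 214
575374: Jun 22 10:16:53.783 CETDST: %FW-4-ALERT_ON: getting aggressive, count (4/500) current 1-min rate: 501
575494: Jun 22 12:32:11.592 CETDST: %FW-4-ALERT_ON: getting aggressive, count (5/500) current 1-min rate: 501
575513: Jun 22 12:33:02.945 CETDST: %FW-4-ALERT_OFF: calming down, count (2/400) current 1-min rate: 321
576481: Jun 22 22:19:23.756 CETDST: %LINK-3-UPDOWN: Interface Virtual-Access4, changed state to up
"""

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG.splitlines()).items():
        print(f"{key}: {value}")
```

On the posted lines every ALERT_ON carries a half-open count of a few dozen against 500 while the 1-min rate sits at 501 or above, so the summary names `one-minute` as the family being crossed and the episodes last roughly one to ten minutes each. That is worth checking against `show ip inspect config` before raising any limit: a higher threshold stops the alerts but does not explain why an office LAN is opening more than 500 new connections a minute, so looking at `show ip inspect sessions` during an episode to see which inside host is generating them is the cheaper first step.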
