IP appears to be committing denial of service (DoS) attacks

Received this message several times in 2 months. I’m running a Palo Alto Networks firewall terminating SSL VPN sessions to provide secure internet access for 10 users. The last time, yesterday, I saw that the alert start & end was within the same minute. So a very short timeframe, and I can only see a spike around 800 sessions compared to 200 sessions from application Quic. Doesn’t seem like a DoS attack to me.
I also have a firewall policy in place to not allow traffic to suspicious IPs from several threat feeds. All security licenses of Palo Alto Networks are in place and blocking malicious traffic, but no hits are seen during the time of the alert.

I really don’t see what could be causing this issue. Could more information be provided about what is triggering this at GCP?

Hi @MrThix ,

I suggest you check the firewall logs on your Palo Alto Networks device to gather more details about the SSL VPN alerts. There might be some information in the logs that might provide insights into the cause of the alerts.

On the other hand, look into GCP’s audit logs to see if there are any relevant events or incidents that coincide with the SSL VPN alerts. To do this, you can check this documentation regarding VPN logs and metrics.