HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
Server Management - Systems Insight Manager
cancel
Showing results for 
Search instead for 
Did you mean: 

Could SIM be flooding my OAs down?

 
Kaukonen
Advisor

Could SIM be flooding my OAs down?

Hello,

We have had to reset our OnBoard Administrators on our new HP Blade Enclosures for few times. OA seems to be working but no access to network. We noticed following from OA log files.

There are several messages OA: Authentication failure for user sim from xxx.xxx.xxx.xxx, requesting web service
Soon after followed by
Kernel: Network packet flooding detected. Disabling network interface for 2 seconds
Kernel: Network packet flooding detected. Disabling network interface for 4 seconds
Kernel: Network packet flooding detected. Disabling network interface for 8 seconds
Disabling network interface for 4 seconds
Kernel: Network packet flooding detected. Disabling network interface for 8 seconds
Kernel: Network packet flooding detected. Disabling network interface for 16 seconds
Kernel: Network packet flooding detected. Disabling network interface for 30 seconds
Kernel: Network packet flooding detected. Disabling network interface for 30 seconds

Why SIM keeps trying after so many login failures? Older Firmware on OA doesn't have disabling network interfaces for xx seconds feature. It also detects flooding, but it hasn't gone to network blackout.
2 REPLIES
BPE
Esteemed Contributor

Re: Could SIM be flooding my OAs down?

It seems to be a trend that the security of OA and ILO's will be improved. You need to verify your system credential for the OA if they use only the correct login the problem should disappear. In the past most of the installation used a list of global credential. This will not work any longer with such devices. It is the first time that I heard about this problem on HP devices. Thanks for your input.
We saw the problem in our company with other vendors two years ago. The issue was very similar but no log entry at this time!!!
You did a discovery / identify and your access to the managed device was blocked, because the management interface thinks an attack happens.

At least with SIM you can block the use of other credential.

Hope this helps
BPE
Kaukonen
Advisor

Re: Could SIM be flooding my OAs down?

Hello,

I fixed the login. Looks like the problem with OA was related to 3.0 and 3.10 firmwares and having that SIM flood in log file was just coincidence.