Advertisement
Sonicwall is reporting a possible TCP flood on our CCTV network
\nWe have multiple Hikvision NVRs that live on the same subnet as the cameras.
\nThe NVRs are being accessed by security and some select people other employees.<\/p>\n
It generates a large number of bogus flood alerts, is there anyway to either filter them out, or preferably tell sonicwall that it’s normal behaviour without compromising legitimate alerts?<\/p>\n
This is how the logs look like:<\/p>\n
Sonicwall is reporting a possible TCP flood on our CCTV network It generates a large number of bogus flood alerts, is there anyway to either filter them out, or preferably tell sonicwall that it’s normal behaviour without compromising legitimate alerts?<\/p>\n This is how the logs look like:<\/p>\n Are you sure the NVR’s don’t have access to the Internet or haven’t otherwise been compromised? Hikvision and other Chinese make CCTV equipment have shown to be some of the most cyber insecure on the market.<\/p>","upvoteCount":0,"datePublished":"2025-06-24T18:46:21.720Z","url":"https://community.spiceworks.com/t/possible-tcp-flood-on-if-alerts/1217829/2","author":{"@type":"Person","name":"LuisC","url":"https://community.spiceworks.com/u/LuisC"}}]}}
Possible TCP Flood on IF X3:V1 - src: HOST_IP:59396 dst: NVR_IP:8000<\/code>
\nPossible TCP Flood on IF X3:V1 - src: NVR_IP:8000 dst: HOST_IP:58761 - rate: 254/sec continues<\/code><\/p>","upvoteCount":5,"answerCount":2,"datePublished":"2025-06-24T12:36:02.308Z","author":{"@type":"Person","name":"spiceuser-eudg","url":"https://community.spiceworks.com/u/spiceuser-eudg"},"suggestedAnswer":[{"@type":"Answer","text":"
\nWe have multiple Hikvision NVRs that live on the same subnet as the cameras.
\nThe NVRs are being accessed by security and some select people other employees.<\/p>\nPossible TCP Flood on IF X3:V1 - src: HOST_IP:59396 dst: NVR_IP:8000<\/code>
\nPossible TCP Flood on IF X3:V1 - src: NVR_IP:8000 dst: HOST_IP:58761 - rate: 254/sec continues<\/code><\/p>","upvoteCount":5,"datePublished":"2025-06-24T12:36:02.374Z","url":"https://community.spiceworks.com/t/possible-tcp-flood-on-if-alerts/1217829/1","author":{"@type":"Person","name":"spiceuser-eudg","url":"https://community.spiceworks.com/u/spiceuser-eudg"}},{"@type":"Answer","text":"