| Event Id | 15114 |
| Source | POP Intrusion Detection Filter |
| Description | ISA Server disconnected a connection because its connection limit was exceeded. For more information about this event, see the event viewer. |
| Event Information | According To Microsoft: ISA Server rejected a connection from the client because its connection limit was exceeded. The event could indicate a flood attack. Resolution: Use the log filter to determine if the source of the connection is legitimate or the result of a flood attack. To do this, in the console tree of ISA Server Management, on the node for the server, click Monitoring. In the Logging tab edit the log filter properties to view the source of the connection.If the connection should be allowed, increase the connection limit threshold. To do this, in the console tree of ISA Server Management click Configuration, then click General. In the details pane, select Define Connection Limits, and then use the options in the Connection Limits properites page to increase the number of concurrent connections allowed. |
| Reference Links | http://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=Internet%20Security%20and%20Acceleration%20Server&ProdVer=4.0.3443.594&EvtID=15114&EvtSrc=POP%20Intrusion%20Detection%20Filter&LCID=1033 |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.