| Event Id | 92 |
| Source | Microsoft-Windows-NLB |
| Description | NLB cluster [%2]: A SYN attack has been detected. During the attack, some connections might fail. If this attack recurs frequently, analyze the threat and take appropriate measures. An informational event log entry will be logged when the attack has subsided. |
| Event Information | According to Microsoft : Cause : This event is logged when A SYN attack has been detected in NLB cluster. Resolution : Analyze threat to NLB cluster Analyze the threats against the Network Load Balancing (NLB) cluster, including potential denial-of-service attacks, and then take the appropriate measures. If it is not an attack, the NLB cluster may be overloaded. To distribute the cluster traffic load over more hosts, you can add more hosts to the NLB cluster. When you are using NLB Manager, you must be a member of the Administrators group on the host that you are configuring, or you must have been delegated the appropriate authority. If you are configuring a cluster or host by running NLB Manager from a computer that is not part of the cluster, you do not have to be a member of the Administrators group on that computer. To add a host to the NLB cluster: 1.Click Start, click Administrative Tools, and then click Network Load Balancing Manager. You can also open NLB Manager by typing Nlbmgr at a command prompt. 2.Right-click the cluster where you want to add the host and choose Add Host To Cluster. If NLB Manager does not list the cluster, connect to the cluster. 3.Type the host's name and click Connect. The network adapters that are available on the host will be listed at the bottom of the dialog box. 4.Click the network adapter that you want to use for NLB, and then click Next. The IP address configured on this network adapter will be the dedicated IP address for this host. 5.Configure the remaining host parameters as appropriate, and then click Finish. Verify : To verify that Network Load Balancing (NLB) is not under a denial-of-service attack by using Event Viewer: 1.Click Start, click Control Panel, and then click System and Maintenance. 2.Click Administrative Tools, and then double-click Event Viewer. You can also open Event Viewer by typing eventvwr from a command prompt. 3.Click an event log in the left pane of the event viewer. 4.In the system log, check for events with the ID 93, which indicates that the SYN attack has subsided, or ID 106, which indicates that the timer starvation has subsided. |
| Reference Links | Event ID 92 from Source Microsoft-Windows-NLB |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.