Live Demo
Free Edition
Download NowObject Access » Object Access Event: 5148
Event ID 5148 – The Windows Filtering Platform has detected a DoS attack and entered a defensive mode; packets associated with this attack will be discarded.
| Event ID | 5148 |
| Category | Object Access: Other Object Access Events |
| Type | Failure Audit |
Event 5148 is logged when the Windows Filtering Platform detects a DoS attack and enters a defensive mode, thus causing packets associated with this attack to be discarded. This event was designed to be generated when an ICMP DoS attack starts or is detected. This event occurs very rarely.
An example of 5148 event log:
The Windows Filtering Platform has detected a DoS attack and entered a defensive mode; packets associated with this attack will be discarded.
Network Information:
Type:%1
Why does event ID 5148 need to be monitored?
The logging of this event indicates that there is an ICMP DoS attack, or that there are hardware and network device related problems. Either way, it is prudent to investigate the cause of this event.
Event 5148 applies to the following operating systems:
- Windows 2008 R2 and 7
- Windows 2012 R2 and 8.1
- Windows 2016 and 10
Explore Active Directory auditing and reporting with ADAudit Plus.
Account Management Auditing
Active Directory Auditing
Windows Server Auditing
- Related Products
- ADManager Plus Active Directory Management & Reporting
- ADAudit Plus Real-time Active Directory Auditing and UBA
- EventLog Analyzer Real-time Log Analysis & Reporting
- ADSelfService Plus Self-Service Password Management
- AD360 Integrated Identity & Access Management
- Log360 (On-Premise | Cloud) Comprehensive SIEM and UEBA
- AD Free Tools Active Directory FREE Tools