Per protocol / port thresholds #937

Open
gregory-mac opened this issue Jun 7, 2022 · 3 comments

Comments

@gregory-mac

Hi Pavel!

If I understand correctly, since the nDPI removal FastNetMon can no longer recognize the amplification attack types listed here.

I was wondering, are there any plans to add/return this ability? Issue somewhat related:
#911

Even without DPI, it could be valuable to have L4 port-aware thresholds.

@pavel-odintsov
Owner

Hello!

We removed this logic as it was mostly broken: nDPI expected to see whole packets, and in the case of sFlow or sampled mirror that wasn't the case, and it did not work for the most popular NetFlow v9 / IPFIX.

In the Advanced version we have detailed per protocol thresholds: https://features.fastnetmon.com/feature-requests/p/add-option-to-create-thresholds-based-on-arbitrary-traffic-types

@pavel-odintsov changed the title from "Query: ability to recognize amplification attacks" to "Per protocol / port thresholds" on Jun 7, 2022

@gregory-mac
Author

Thanks for the answer.

@pavel-odintsov
Owner

The Advanced edition can easily do it: https://fastnetmon.com/docs-fnm-advanced/flexible-thresholds/
