Submit a ticketCall us

Looking to compare latest NPM features with previous versions of NPM?
The NPM new feature summary offers a comparison of new features and improvements offered with this release.

 

Home > Success Center > Netflow Traffic Analyzer (NTA) > NTA 4.2.2 Administrator Guide > Common tasks and user scenarios > Recognize and stop a denial-of-service attack

Recognize and stop a denial-of-service attack

Table of contents
No headers
Created by Lori Krell, last modified by Alexandra.Nerpasova on Oct 24, 2016

Views: 4 Votes: 0 Revisions: 4

Consider the following scenario:

A SolarWinds NPM advanced alert tells you that your web-facing router is having trouble creating and maintaining a stable connection to the Internet.

SolarWinds NTA helps you easily characterize both outgoing and incoming traffic. This ability becomes ever more important as corporate networks are exposed to malicious denial of service attacks.

  1. Click My Dashboards > Home > Summary.
  2. Under Top 10 Nodes by Average CPU Load, you notice the CPU load on the firewall node is holding steady between 99% and 100%.
  3. Click the firewall node name to open its Node Details view. Under Current Percent Utilization of Each Interface, you see that your firewall interfaces are receiving abnormally high levels of traffic.
  4. Click My Dashboards > NetFlow > NTA Summary.
  5. Under Top 10 Endpoints, you see that the top six computers attempting to access your network are overseas. You realize that you are being port scanned and that your firewall is interactively blocking these attacks.
  6. Use a configuration tool, such as SolarWinds Network Configuration Manager, to push a new configuration to your firewall that blocks all traffic over the IP address range of the computers trying to access your network.
  7. In minutes, your CPU usage drops back to normal.
 
Last modified
06:28, 24 Oct 2016

Tags

Classifications

Public