Submit a ticketCall us

Webinar: Web Help Desk for HR, Facilities and Accounting Departments
This webinar will focus on use cases for HR, Facilities and Accounting.

Having a unified ticketing and asset management system for all the departments in your company can provide end-users with a seamless experience and make things easier for your IT team. Yet, with different business tasks and objectives, many departments don’t fully understand the capabilities of Web Help Desk and how the software can be customized for effective use in their departments.
Register Now.

Home > Success Center > Netflow Traffic Analyzer (NTA) > NTA 4.2.3 Administrator Guide > Common tasks and user scenarios > Recognize and stop a denial-of-service attack

Recognize and stop a denial-of-service attack

Table of contents
No headers
Created by Lori Krell_ret, last modified by Alexandra.Nerpasova on Oct 24, 2016

Views: 21 Votes: 0 Revisions: 4

Consider the following scenario:

A SolarWinds NPM advanced alert tells you that your web-facing router is having trouble creating and maintaining a stable connection to the Internet.

SolarWinds NTA helps you easily characterize both outgoing and incoming traffic. This ability becomes ever more important as corporate networks are exposed to malicious denial of service attacks.

  1. Click My Dashboards > Home > Summary.
  2. Under Top 10 Nodes by Average CPU Load, you notice the CPU load on the firewall node is holding steady between 99% and 100%.
  3. Click the firewall node name to open its Node Details view. Under Current Percent Utilization of Each Interface, you see that your firewall interfaces are receiving abnormally high levels of traffic.
  4. Click My Dashboards > NetFlow > NTA Summary.
  5. Under Top 10 Endpoints, you see that the top six computers attempting to access your network are overseas. You realize that you are being port scanned and that your firewall is interactively blocking these attacks.
  6. Use a configuration tool, such as SolarWinds Network Configuration Manager, to push a new configuration to your firewall that blocks all traffic over the IP address range of the computers trying to access your network.
  7. In minutes, your CPU usage drops back to normal.
 
Last modified
06:28, 24 Oct 2016

Tags

Classifications

Public