Submit a ticketCall us

Training ClassThe Orion® Platform Instructor-led Classes

Provided by SolarWinds® Academy, these trainings will introduce users to the Orion Platform and its features, management, and navigation. These courses are suitable for users looking to discover new tips, tricks, and ways to adapt their Orion products to better suit their monitoring needs:
Deploying the Orion Platform
Configuring Orion views, maps, and accounts
Configuring Orion alerts and reports

Reserve your seat.

Home > Success Center > Netflow Traffic Analyzer (NTA) > NTA Documentation > NTA 4.5 Administrator Guide > Common tasks and user scenarios > Recognize and stop a denial-of-service attack

Recognize and stop a denial-of-service attack

Table of contents
No headers
Created by Lori Krell_ret, last modified by Alexandra.Nerpasova on Oct 24, 2016

Views: 489 Votes: 0 Revisions: 4

Consider the following scenario:

A SolarWinds NPM advanced alert tells you that your web-facing router is having trouble creating and maintaining a stable connection to the Internet.

SolarWinds NTA helps you easily characterize both outgoing and incoming traffic. This ability becomes ever more important as corporate networks are exposed to malicious denial of service attacks.

  1. Click My Dashboards > Home > Summary.
  2. Under Top 10 Nodes by Average CPU Load, you notice the CPU load on the firewall node is holding steady between 99% and 100%.
  3. Click the firewall node name to open its Node Details view. Under Current Percent Utilization of Each Interface, you see that your firewall interfaces are receiving abnormally high levels of traffic.
  4. Click My Dashboards > NetFlow > NTA Summary.
  5. Under Top 10 Endpoints, you see that the top six computers attempting to access your network are overseas. You realize that you are being port scanned and that your firewall is interactively blocking these attacks.
  6. Use a configuration tool, such as SolarWinds Network Configuration Manager, to push a new configuration to your firewall that blocks all traffic over the IP address range of the computers trying to access your network.
  7. In minutes, your CPU usage drops back to normal.


Last modified