Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

DDoS Defender attack statistics

 

Information

 

Summary:

Details of attack statistics.

Environment:

Product: Flowmon DDoS Defender

Version: Any

Platform: Any

Question/Problem Description:

What do the attack statistics mean?

Steps to Reproduce:  
Error Message:  
Defect Number:  
Enhancement Number:  
Cause:  
Resolution:
  • Traffic after attack - traffic after the attack. "Outgoing All" refers to all outgoing traffic, and "All" refers to all incoming traffic. Other traffic types (DNS, HTTP, TCP,…) are visible only if respective baselines are enabled in the rule definition.
  • Port traffic during attack - these statistics are computed for well-known ports (FTP = 21, SSH = 22, Telnet = 23, SMTP = 25, DNS = 53, HTTP = 80, POP3 = 110, NTP = 123, IMAP4 = 143, SNMP = 161, LDAP = 389, HTTPS = 443), and they refer to destination port of the attack.
  • Absolute traffic increase on ports - refers only to traffic increase on the well-known ports compared to the standard traffic. The level of the standard traffic is subtracted from the overall traffic.
  • Traffic during attack - traffic during the attack. "Outgoing All" refers to all outgoing traffic, and "All" refers to all incoming traffic. Other traffic types (DNS, HTTP, TCP,…) are visible only if respective baselines are enabled in the rule definition.
  • Absolute traffic increase during attack - the same as above, but the standard traffic is subtracted.
  • Traffic before attack - traffic before the attack. The chart includes all types of monitored baselines (DNS, HTTP, TCP,…), even those not enabled in the attack rule. "All" refers to all incoming traffic.
Workaround:  
Notes:  

Was this article helpful?
0 out of 0 found this helpful

Comments