Network Anomaly Detection
With all packet header information collected and stored in a central location, the built-in attack detection module can study and correlate traffic behavior to identify common network-based attacks or undesirable applications.
- Network port scanning. It detects suspicious activity such as worm and botnet scanning attacks. This module also detects the SWIFT, DABBER and QWIN worms and many other unusual activities.
- Host port scanning. It identifies attackers that scan TCP or UDP service ports for vulnerabilities.
- ICMP flooding. It checks how many ICMP packets the host is sending. If the number of packets exceeds the configured threshold, then the system creates a new anomaly.
- TCP/SYN flooding. It detects direct or distributed flooding of the network with TCP connection requests. This attack is characteristic of distributed denial-of-service attacks.
- Network games detection. It uses heuristic methods to detect network games, which are undesirable for business productivity.
- Peer-to-peer application detection, such as FastTrack, Kazaa, Overnet, Kademlia, Aimster, GNUtella, GNUtella2, WinMX, OpenNapster, Direct Connect, eDonkey and BitTorrent.
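
The ICMP threshold check and the two port-scan checks from the list above, as an added example run over constructed flow records; this is not the product's code. The record layout, the 60-second window and all threshold values are assumptions.

```python
from collections import defaultdict

WINDOW_S = 60          # assumed aggregation window, seconds
ICMP_PACKETS = 1000    # assumed per-host ICMP packet threshold per window
SCAN_PORTS = 20        # assumed: more distinct ports on one target = host port scan
SCAN_HOSTS = 20        # assumed: more distinct targets on one port = network port scan

def sample_flows():
    """Constructed flow records: (time_s, src, dst, proto, dst_port, packets)."""
    flows = [(5 + i, "192.0.2.10", "198.51.100.5", "tcp", 1000 + i, 1) for i in range(25)]
    flows += [(10 + i, "192.0.2.20", f"198.51.100.{10 + i}", "tcp", 445, 1) for i in range(30)]
    flows += [(20 + i, "192.0.2.30", "198.51.100.5", "icmp", 0, 500) for i in range(3)]
    flows += [(30, "192.0.2.40", "198.51.100.5", "tcp", 443, 12),   # ordinary web flow
              (31, "192.0.2.40", "198.51.100.5", "icmp", 0, 4)]     # ordinary ping
    return flows

def detect(flows, icmp_packets=ICMP_PACKETS, scan_ports=SCAN_PORTS,
           scan_hosts=SCAN_HOSTS, window_s=WINDOW_S):
    icmp = defaultdict(int)    # (window, src) -> ICMP packets sent
    ports = defaultdict(set)   # (window, src, dst) -> service ports probed
    hosts = defaultdict(set)   # (window, src, proto, port) -> targets probed
    for ts, src, dst, proto, dport, pkts in flows:
        w = ts // window_s
        if proto == "icmp":
            icmp[(w, src)] += pkts
        elif proto in ("tcp", "udp"):
            ports[(w, src, dst)].add((proto, dport))
            hosts[(w, src, proto, dport)].add(dst)
    found = set()
    for (w, src), n in icmp.items():
        if n > icmp_packets:               # "exceeds the configured threshold"
            found.add(("icmp_flood", src, f"{n} packets"))
    for (w, src, dst), seen in ports.items():
        if len(seen) > scan_ports:         # many ports, one target
            found.add(("host_port_scan", src, dst))
    for (w, src, proto, dport), seen in hosts.items():
        if len(seen) > scan_hosts:         # one port, many targets
            found.add(("network_port_scan", src, f"{proto}/{dport}"))
    return sorted(found)

if __name__ == "__main__":
    for anomaly in detect(sample_flows()):
        print(anomaly)
```

Window length and thresholds trade sensitivity against false positives: with `window_s=1` the same records produce no anomalies, because each window then holds only a fraction of the activity.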