Malicious and Malformed Traffic Identification
Identify malicious and malformed traffic through port 0 monitoring
As enterprise networks more frequently become victims of malicious denial of service (DoS) attacks, characterizing both outgoing and incoming traffic has become more important than ever. SolarWinds® NetFlow Traffic Analyzer (NTA) version 4.4 can now help with malicious traffic identification with its new functionalities for port 0 monitoring.
Network traffic on the wire addressed to port 0 is always either malformed or malicious since port 0 is reserved for internal use. By allowing TCP or UDP port 0 monitoring, NTA can help your administrators better identify and distinguish between malformed or malicious traffic. Monitoring port 0 for malicious traffic identification helps keep networks safe and better equips administrators to discover and prevent sources of malicious traffic attacking hosts within the network while also providing the information administrators need to stop attacks.
To enable port 0 monitoring within NetFlow Traffic Analyzer, install or upgrade NTA to version 4.4. After installation or upgrade, look for an application called Port 0 in the NetFlow Settings, under Manage Applications and Service Ports. This application covers all traffic between TCP/UDP port 0 and any other TCP/UDP port.
Use port 0 monitoring for DDoS attack identification
A distributed DoS (DDoS) attack is a type of DoS attack that uses multiple connected devices, often referred to as a botnet, to swarm a network with fake traffic, which makes servers unavailable to actual users. These attacks are an increasingly common source of frustration and downtime as organizations search for more effective ways to integrate malicious and malformed traffic identification into their network monitoring efforts.
To bolster DDoS attack identification, SolarWinds NetFlow Traffic Analyzer allows you to set alerts to warn administrators when web-facing routers are having trouble creating and maintaining a stable connection to the internet. The first step is tracking and monitoring your baseline network traffic; then, you can set thresholds defining when those traffic levels become abnormal.
Administrators can quickly and easily use a configuration tool, such as SolarWinds® Network Configuration Manager, to push a new configuration to your firewall that blocks all traffic from the IP address range of the computers trying to access your network.
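The port 0 matching and threshold idea described above can also be applied to any exported flow records. The following Python example is added here for illustration; it is not SolarWinds code and does not show how NTA works internally. It selects TCP/UDP flows with port 0 on either side, totals their bytes per source, and lists sources above a threshold. The CSV layout, the sample records and the 50,000-byte threshold are assumptions constructed for the example.

```python
import csv
import io
from collections import defaultdict

TCP, UDP = 6, 17  # IP protocol numbers

# Constructed sample flow export (not real traffic); addresses are documentation ranges.
SAMPLE = """src,dst,proto,sport,dport,bytes
198.51.100.7,192.0.2.10,17,0,53,48000
198.51.100.7,192.0.2.10,17,4444,0,52000
203.0.113.9,192.0.2.10,6,51512,443,9000
203.0.113.20,192.0.2.11,6,0,80,1200
198.51.100.8,192.0.2.10,1,0,2048,640
"""

def parse_flows(text):
    """Parse the assumed CSV layout into dicts with integer numeric fields."""
    flows = []
    for row in csv.DictReader(io.StringIO(text)):
        for key in ("proto", "sport", "dport", "bytes"):
            row[key] = int(row[key])
        flows.append(row)
    return flows

def is_port0(flow):
    """True for a TCP/UDP flow with port 0 as source or destination port.

    ICMP has no ports, and flow exporters commonly report 0 in its port
    fields, so matching on protocol keeps such records out of the result.
    """
    return flow["proto"] in (TCP, UDP) and 0 in (flow["sport"], flow["dport"])

def port0_bytes_by_source(flows):
    """Total bytes of port 0 flows, keyed by source address."""
    totals = defaultdict(int)
    for flow in flows:
        if is_port0(flow):
            totals[flow["src"]] += flow["bytes"]
    return dict(totals)

def sources_over_threshold(flows, threshold_bytes):
    """Sources whose port 0 byte total exceeds the baseline-derived threshold."""
    totals = port0_bytes_by_source(flows)
    return sorted(src for src, total in totals.items() if total > threshold_bytes)

if __name__ == "__main__":
    for src in sources_over_threshold(parse_flows(SAMPLE), 50_000):
        print("port 0 traffic above threshold from", src)
```
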
Set port 0 monitoring alerts for more proactive visibility
SolarWinds NetFlow Traffic Analyzer allows you to remain vigilant about DDoS attack identification as well as malformed and malicious traffic identification by enabling administrators to quickly and easily set port 0 monitoring alerts.
And with SolarWinds NTA alert software, administrators can also designate the time of day or days of the week during which specific administrators will receive network alerts regarding network traffic or port 0 monitoring. Administrators can also choose how to receive those alerts, whether via email or text, or other means.
And to better ensure potential attacks aren’t only identified but shut down as soon as they occur, NTA lets administrators specify which administrator receives a network notification and when. This means the correct administrator is always notified immediately about suspicious traffic, regardless of location or time of day.
And so you never have to worry about missing critical alerts warning about DDoS attacks or malicious traffic identification, you can also decide how the alert engine should escalate unacknowledged alerts.
Get additional network traffic and bandwidth monitoring capabilities
NTA offers industry-leading features such as bandwidth monitoring, application traffic alerting, and network traffic analysis.
NTA can assist in keeping your network healthy by helping to monitor the flow of traffic over your entire network. With a tool to analyze your NetFlow data, you can get a more accurate picture of how traffic normally flows across your network, including source, destination, congestion points, and volume. Using a NetFlow monitoring solution can help you analyze flow records to understand and optimize traffic within the network, so you can prevent bottlenecks and avoid spending money on additional bandwidth you’re not using.
NTA also utilizes the SolarWinds Orion® Platform, which integrates easily with surface data from other SolarWinds products, such as Network Performance Monitor, IP Address Manager, and more. Get a more complete picture of your entire network with these integrated network monitoring and management solutions.
Port 0 monitoring to help you identify malicious traffic
NetFlow Traffic Analyzer
- Discover malicious traffic within your network
- Be proactive about DDoS attack identification
- Set automated alerts to notify you of network issues