Hello,
We have the source of the SLFOW packets at the edge of our network and use the Top Destinations by Frames (latest) to determine DOS attacks. Is there any way to have an SNMP trap sent out based on a threshhold for the top destination ip? I know I can set a threshhold for the Switch port, but that would only show the largest DOS attacks and not by individual ip address. If it were possible I would like the trap to give source IP, Destination IP, frames per second, and protocol. Any ideas if this can be done in traffic server? Possibly outside of traffic server by gathering the information from traffic server? Sending the SFLOWS to another server to do it with a different app? Thanks in advance.
Greg Conroy
Network Engineer
www.interland.com
Received on Thu Oct 6 05:57:39 2005
This archive was generated by hypermail 2.1.8 : 10/06/05 PDT