Inbound Session Volume Analysis
Analyzing inbound network session or connection attempt volume.
How it works
Network appliances are configured to alert on certain packets that typically are involved in DoS attacks. Typical packets include ICMP packets and SYN requests that are commonly used to flood networks. A sampling period is used to define a time window in which collected counts of the identified packets can be measured. If the collected number of packets exceeds a predefined limit then an alert is generated.
Scalability as volume of attacks increase; single servers may not have the memory and storage resources to handle high volumes of network traffic.
The following references were used to develop the Inbound Session Volume Analysis knowledge-base article.
(Note: the consideration of references does not imply specific functionality exists in an offering.)