Mailing List Archive

Alter event on ZMQ interface
Dear,


In the ZMQ interface, from our test, only host score alerts were found.
In the physical NIC interface, we could find some TCP SYN flood alerts.
Are flow flood alerts available on the NIC interface only?

Br,
Kaiser
_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop
Alter event on ZMQ interface [ In reply to ]
Dear sir,


In the ZMQ interface, from our test, only host score alerts were found.
In the physical NIC interface, we could find some TCP SYN flood alerts.
Are flow flood alerts available on the NIC interface only?

Br,
Kaiser

Re: Alter event on ZMQ interface [ In reply to ]
Kaiser,

SYN flood alert is also available over ZMQ when nProbe is used in probe mode (no collector).

I would expect some differences in seeing alerts, though. This is because over ZMQ data is summarized in flows so triggering conditions can slightly differ.

Simone


> On 5 Jul 2020, at 17:44, Kaiser Cheng <kaiser@gentrice.net> wrote:
>
>
> Dear sir,
>
>
> In the ZMQ interface, from our test, only host score alerts were found.
> In the physical NIC interface, we could find some TCP SYN flood alerts.
> Are flow flood alerts available on the NIC interface only?
>
> Br,
> Kaiser
