Searching for Flood Sources in the Operator’s Network [Документация VAS Experts]
Документация VAS Experts Документация VAS Experts-mobile
in

Settings

  • Show page
  • Old revisions
  • Export to PDF
  • Fold/unfold all
  • ODT export
  • Backlinks
  • Show page
  • Old revisions
  • Export to PDF
  • Fold/unfold all
  • ODT export
  • Backlinks

    • Differences

    This shows you the differences between two versions of the page.

    Link to this comparison view

    Next revision    		Previous revision
    en:dpi:qoe_analytics:cases:network_health:flood [2026/02/17 14:07] – created elena.krasnobryzhen:dpi:qoe_analytics:cases:network_health:flood [2026/02/17 14:11] (current) elena.krasnobryzh
    Line 33: Line 33:
     =====2. Searching for a flood source (BotNet)===== =====2. Searching for a flood source (BotNet)=====
     ====Searching for subscribers with a high number of flows per second==== ====Searching for subscribers with a high number of flows per second====
    -  - Open the QoE Analytics report → Raw Full Netflow → Attack detection → Top subscribers → By flows:\\ {{:en:dpi:qoe_analytics:cases:network_health:flood_1.png?direct&1100|}}+  - Open the QoE Analytics report → Raw Full Netflow → Attack detection → Top subscribers → By flow:\\ {{:en:dpi:qoe_analytics:cases:network_health:flood_1.png?direct&1100|}}
       - Set the time range:\\ {{:en:dpi:qoe_analytics:cases:network_health:flood_2.png?direct&800|}}   - Set the time range:\\ {{:en:dpi:qoe_analytics:cases:network_health:flood_2.png?direct&800|}}
       - Add a traffic direction filter – From subscriber:\\ {{:en:dpi:qoe_analytics:cases:network_health:flood_3.png?direct&700|}}   - Add a traffic direction filter – From subscriber:\\ {{:en:dpi:qoe_analytics:cases:network_health:flood_3.png?direct&700|}}
    -  - Click the Flow column for convenient sorting\\ \\ The detected subscriber source IP addresses must be added to a local AS ([[en:dpi:qoe_analytics:cases:network_health:flood#создание_локальной_as_пример_для_ipv4|see section 3.1]])+  - Click the Flow column for convenient sorting\\ \\ The detected subscriber source IP addresses must be added to a local AS ([[en:dpi:qoe_analytics:cases:network_health:flood#creating_a_local_as_example_for_ipv4|see section 3.1]])
      
     ====Searching for hosts with a high number of flows per second==== ====Searching for hosts with a high number of flows per second====
    -  - Open the QoE Analytics report → Raw Full Netflow → Attack detection → Top host IP addresses → By flows:\\ {{:en:dpi:qoe_analytics:cases:network_health:flood_4.png?direct&1100|}}+  - Open the QoE Analytics report → Raw Full Netflow → Attack detection → Top host IP addresses → By flow:\\ {{:en:dpi:qoe_analytics:cases:network_health:flood_4.png?direct&1100|}}
       - Set the time range.   - Set the time range.
       - Add a traffic direction filter – From subscriber.   - Add a traffic direction filter – From subscriber.
    -  - Click the Flow column for convenient sorting.\\ The detected host IP addresses must be added to a local AS ([[en:dpi:qoe_analytics:cases:network_health:flood#создание_локальной_as_пример_для_ipv4|see section 3.1]])+  - Click the Flow column for convenient sorting.\\ The detected host IP addresses must be added to a local AS ([[en:dpi:qoe_analytics:cases:network_health:flood#creating_a_local_as_example_for_ipv4|see section 3.1]])
      
     =====3. Blocking IPs by assigning them to an autonomous system===== =====3. Blocking IPs by assigning them to an autonomous system=====