router reporting frequent security alerts

18 years 5 months ago #14048 by gatekeeper
Recently configured my router to email me when it detects a DoS attack or a port scan.

I'm finding very frequent UDP and TCP Packet DoS alerts.

An example:

TCP Packet - Source:xx.xx.xxx.xx,xxxx Destination:xxx.x.x.xx,xxxxx - [DOS]

What is going on here? Surely there can't be that many DoS attacks on my network every day.
18 years 5 months ago #14049 by nske
Well, we should know more on what kind of traffic the router considers abnormal and marks as a DoS. Unfortunately the example doesn't say anything.

Some things that would be useful to clarify:
- Does the suspicious traffic come from within the network or from the outside?
- Is there some apparent pattern in the traffic? I.e., is it destined to a specific host and coming from multiple sources, or the opposite?
- What is the duration of each "attack" and what hosts of your network does it involve (operating system, role - if they serve as a workstation or to provide some kind of services)?

You could configure your router to log the full header information of the traffic, or ideally the whole traffic including the payload. This should provide enough information to tell what's going on ;)
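
The first two questions in the reply above (inside or outside origin, many sources to one host or the reverse) can be answered from the saved alert e-mails. This is an added example, not part of the original posts; it assumes the alert layout quoted in the first post and a LAN of 192.168.1.0/24, and the sample lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: the LAN behind the router; change to match your network.
LAN = ipaddress.ip_network("192.168.1.0/24")

# Matches the alert layout quoted in the thread:
#   TCP Packet - Source:IP,port Destination:IP,port - [DOS]
ALERT_RE = re.compile(
    r"(?P<proto>TCP|UDP) Packet - Source:(?P<src>[\d.]+),(?P<sport>\d+)\s+"
    r"Destination:(?P<dst>[\d.]+),(?P<dport>\d+) - \[(?P<tag>[^\]]+)\]"
)

# Constructed sample alerts (documentation address ranges), not real data.
SAMPLE = """\
TCP Packet - Source:198.51.100.7,40211 Destination:192.168.1.10,80 - [DOS]
TCP Packet - Source:203.0.113.9,51000 Destination:192.168.1.10,80 - [DOS]
TCP Packet - Source:192.0.2.44,33012 Destination:192.168.1.10,80 - [DOS]
UDP Packet - Source:192.168.1.23,5353 Destination:198.51.100.50,53 - [DOS]
garbage line the parser should skip
"""

def parse_alerts(text):
    """Return one dict per well-formed alert line; skip anything else."""
    return [m.groupdict() for m in map(ALERT_RE.search, text.splitlines()) if m]

def direction(alert):
    """Classify where the flagged traffic originates relative to LAN."""
    src_in = ipaddress.ip_address(alert["src"]) in LAN
    dst_in = ipaddress.ip_address(alert["dst"]) in LAN
    if src_in:
        return "internal" if dst_in else "outbound"
    return "inbound" if dst_in else "transit"

def summarize(alerts):
    """Map (dst, dport, proto) -> set of sources, exposing many-to-one patterns."""
    fan_in = defaultdict(set)
    for a in alerts:
        fan_in[(a["dst"], int(a["dport"]), a["proto"])].add(a["src"])
    return dict(fan_in)

if __name__ == "__main__":
    alerts = parse_alerts(SAMPLE)
    for a in alerts:
        print(direction(a), a["proto"], a["src"], "->", a["dst"], a["dport"])
    for key, sources in summarize(alerts).items():
        print(key, "distinct sources:", len(sources))
```

Alerts classified as outbound or internal point at a host on the LAN, which is where the third question (operating system and role of the hosts involved) becomes relevant.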