Function
The packet discarding trend helps you learn about the traffic trend of various packets discarded by the cleaning device.
Parameter
| Parameter | Description |
|---|---|
| Device | Selects a cleaning device from the drop-down list. Total-Cleaning indicates that the sum of traffic volumes on all cleaning devices is queried. |
| Zone | Click  ,
select a Zone on the Zone page that is displayed,
and then click OK. |
| Service | Select a service or service group
from the drop-down list. For details about service configuration, see (Optional) Creating a Service and a Defense Policy. |
| IP Address | Enter the destination IP address. Both IPv4 and IPv6 addresses are applicable. The anomaly/attack log of traffic destined for the IP address of the Zone is queried. |
| Time | Click  to select
the start time and end time of statistics. Or you can change the time
values in corresponding text boxes.The end time should be later than the start time and the interval cannot be longer than one year. |
Example
If the Device is set to Total-Cleaning, the packet discarding trend within a period of time are displayed in Figure 1.
NOTE: This chart is an overlay discarding packets chart. Through the chart, you can view the total numbers of discarding packets at a point in time and traffic change trends of various discarding packets.
- Spoofing packets: packets discarded because of forged source attacks
- Dynamic filter packets: packets discarded because of dynamic signatures
- User-defined packets: packets discarded because of static filtering policies such as signatures, ACLs, blacklist entries, and host filtering policies
- Client Attack packets: packets discarded because of attacks that use the attacker's IP address to establish TCP connections
- Malformed_connections packets: packets discarded because of the FIN flood, DNS cache poisoning, or DNS reflection attacks
- Malformed packets: packets discarded because of malformed packet attacks
- Overflow packets: packets discarded because of the configured traffic limiting or rate limiting policies
- Other packets: other discarded packets
Attack Trend Report Category |
Attack Type |
|---|---|
Spoofing packets |
SYN Flood, ACK Flood, SYN-ACK Flood, FIN/RST Flood, TCP Fragment Flood, UDP Flood, DNS Request Flood, DNS Reply Flood, SIP Flood, TCP-authenticated UDP Attack |
User-defined packets |
Blacklist, Filter Attack, IP Reputation, Location Attack, Filter Attack |
Dynamic filter packets |
UDP Flood, UDP Fragment Flood, URI Monitor, DNS Cache Match, Other Flood Attack |
Malformed connection packets |
DNS Cache Poisoning, DNS Reflection |
Malformed packets |
DNS Size Abnormal, DNS IP TTL Check Fail, DNS Format Error, Tcp Flag Attack, Botnets/Trojan horses/Worms Attack, Malicious Domains Attack, Anti-Malware |
Overflow packets |
TCP Fragment Bandwidth Overflow, TCP Bandwidth Overflow, UDP Fragment Bandwidth Overflow, UDP Bandwidth Overflow, ICMP Bandwidth Overflow, Other Flood, Total Flood, Zone Packet Rate Abnormity, SIP source rate abnormity |
Client Attack packets |
HTTPS Flood, HTTP Flood, Blacklist, Connection Flood, Domain Hijacking, Source DNS Request Flow Abnormal, Source DNS Reply Flow Abnormal, DNS Request Domain Flow Abnormal, DNS Reply Domain Flow Abnormal, Port Scanning Attack, BGP Flood Attack, DNS no such name, HTTP Slow Attack, Web Attack |
Other packets |
TCP Fragment Abnormal, TCP Abnormal, UDP Fragment Abnormal, UDP Abnormal, ICMP Abnormal, Other Abnormal |
Procedure
- Choose .
- Click the Packet Discarding Trend tab.
- Set query parameters.
- Click Search.
The trend chart of packet discarding meeting query conditions is displayed.
- Optional: Open or
save the query results as files, or send queried reports to the specified
email address.
- Click
to open or
save the query results as PDF files. A maximum of 10,000 entries can
be displayed. - Click
to open or
save the query results as EXCEL files. A maximum of 10,000 entries
can be displayed. - Click
to enter
a recipient mail address and select an attachment format. Then click OK.
- Click