Version v23.03
Version v23.03 adds graphs for the entire system, automatic flowspec sending to counter amplification attacks, distributed attack detection, filtering by packet length, fragmentation and interface values, and a top list by 95th percentile rate.
Changes in v23.03
Graphs. Traffic metric aggregation for the entire system has been added.
Information is displayed in MITIGATOR in the form of graphs and tables. Data in tables is grouped according to various criteria. Records are ranked by the highest amount of traffic in packets or bits for the specified time period. The number shows the position in the top.
Detect. Predefined metrics of common amplification attacks have been added.
Collector now calculates the traffic rate of each predefined AMP attack. Based on these metrics, MITIGATOR can activate a BGP announcement.
Detect. Carpet bombing attack detection has been added.
MITIGATOR can now obtain the rate of traffic arriving at a subnet, not just at a single IP address. The parameters set the subnet, granularity and traffic rate tolerance. Based on this data, MITIGATOR can determine the beginning of an attack and register an incident.
Filtration. New filters have been added.
Added filters by:
- packet lengths;
- interface numbers;
- fragmentation flag.
Report. Selection of the top source and destination IPs by traffic rate using the 95th percentile has been added to the report.
For each src and dst IP, the average traffic rates in pps and bps over 5 seconds are calculated across the selected time interval. IP addresses whose average traffic exceeds the 95th percentile fall into the top (separately for bps and pps).
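The selection described above can be sketched as follows. This is an added example, not MITIGATOR code: the record format, the function names, the nearest-rank percentile method and the choice to take the percentile across the per-IP averages are assumptions, and the traffic is constructed sample data.

```python
from collections import defaultdict

WINDOW = 5  # seconds; the averaging window named in the release note

def percentile(values, p):
    # Nearest-rank percentile with integer arithmetic (assumed method).
    ordered = sorted(values)
    rank = max(1, (p * len(ordered) + 99) // 100)
    return ordered[rank - 1]

def top_by_p95(records, start, end):
    """records: (ts, ip, packets, bytes) tuples; interval is [start, end)."""
    n_windows = -(-(end - start) // WINDOW)  # ceiling division
    counters = {"pps": defaultdict(lambda: [0] * n_windows),
                "bps": defaultdict(lambda: [0] * n_windows)}
    for ts, ip, packets, nbytes in records:
        if start <= ts < end:
            w = (ts - start) // WINDOW
            counters["pps"][ip][w] += packets
            counters["bps"][ip][w] += nbytes * 8
    top = {}
    for unit, table in counters.items():
        # Rate in each 5 s window, then the mean of those rates per IP.
        avg = {ip: sum(c / WINDOW for c in wins) / n_windows
               for ip, wins in table.items()}
        threshold = percentile(avg.values(), 95) if avg else 0
        over = [(ip, rate) for ip, rate in avg.items() if rate > threshold]
        top[unit] = sorted(over, key=lambda item: item[1], reverse=True)
    return top

def sample_records():
    # Constructed data: 40 sources, 20 s, one record per source per second.
    profile = {7: (1000, 64), 9: (500, 64), 21: (50, 1400), 22: (40, 1400)}
    for ts in range(20):
        for host in range(1, 41):
            packets, size = profile.get(host, (10, 100))
            yield ts, f"192.0.2.{host}", packets, packets * size

if __name__ == "__main__":
    for unit, rows in top_by_p95(sample_records(), 0, 20).items():
        print(unit, rows)
```

On this sample the two tops differ: a source sending many small packets ranks in pps only, while a source sending fewer large packets ranks in bps only, which is why the report keeps them separate.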