
Q&A: How do DDoS alerts trigger?

Question

  • How do DDoS alerts trigger?

     

Environment

  • Silverline DDoS
  • GRE Tunnels
  • BGP Routing
  • Proxy/Proxies
  • Email/SMS DDoS Notification


Answer

  • An alert is triggered when the traffic rate sampled on our mitigation appliance meets or exceeds a threshold.
  • Alerts are triggered in 3 primary ways:
    1. Static Bandwidth Thresholds - Static threshold alerts can be enabled to alert if traffic bandwidth levels surpass a specified level. Should you desire specific levels be set, contact the Silverline SOC.
    2. DDoS Misuse Thresholds - Alerts can be triggered on packets-per-second levels for a variety of DDoS attack vectors. These include: DNS, ICMP, IP Fragment, IP Null, TCP Reset, TCP SYN, and UDP. To have specific thresholds set, contact the Silverline SOC.
    3. Profiled Bandwidth - For always-on Routed customers, Silverline will build a profile of traffic levels. Alerts will trigger for anomalies that surpass profiled traffic levels.
  • Alerts are displayed in the Portal in 2 places:
    • Monitor & Analyze > DDoS Activity
    • Dashboards > DDoS Dashboard
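
The three trigger types above, sketched as an added example for reasoning about which alerts a traffic sample would raise; it is not Silverline's code. All threshold values and samples are constructed, and the profile model (mean of past samples plus three standard deviations) is an assumption, since the article does not say how the profile is built.

```python
from statistics import mean, pstdev

# Constructed thresholds; real values are agreed with the Silverline SOC.
STATIC_BPS = 800_000_000
MISUSE_PPS = {"DNS": 50_000, "ICMP": 20_000, "IP Fragment": 10_000,
              "IP Null": 5_000, "TCP Reset": 30_000, "TCP SYN": 40_000,
              "UDP": 100_000}

def profiled_limit(history_bps, k=3.0):
    """Assumed profile model: mean of past samples plus k standard deviations."""
    return mean(history_bps) + k * pstdev(history_bps)

def evaluate(sample, history_bps=None):
    """Return the alerts one sampled interval would raise.

    sample: {"bps": int, "pps": {vector: int}}
    history_bps: earlier bps samples (always-on Routed customers only).
    """
    alerts = []
    # 1. Static bandwidth: fires when the level is met or exceeded.
    if sample["bps"] >= STATIC_BPS:
        alerts.append(("static_bandwidth", "bps", sample["bps"], STATIC_BPS))
    # 2. Misuse: per-vector packets-per-second thresholds.
    for vector, pps in sample.get("pps", {}).items():
        limit = MISUSE_PPS.get(vector)
        if limit is not None and pps >= limit:
            alerts.append(("misuse", vector, pps, limit))
    # 3. Profiled bandwidth: anomaly that surpasses the learned profile.
    if history_bps and len(history_bps) >= 2:
        limit = profiled_limit(history_bps)
        if sample["bps"] > limit:
            alerts.append(("profiled_bandwidth", "bps", sample["bps"], round(limit)))
    return alerts

# Constructed samples: a normal interval and a SYN flood well below the static level.
HISTORY = [100_000_000, 110_000_000, 90_000_000, 105_000_000, 95_000_000]
QUIET = {"bps": 102_000_000, "pps": {"TCP SYN": 1_200, "UDP": 8_000}}
SYN_FLOOD = {"bps": 240_000_000, "pps": {"TCP SYN": 40_000, "UDP": 9_000}}

if __name__ == "__main__":
    for name, s in (("quiet", QUIET), ("syn_flood", SYN_FLOOD)):
        print(name, evaluate(s, HISTORY))
```

The SYN flood sample never reaches the static bandwidth level, yet it raises both a misuse alert (the TCP SYN rate meets its threshold exactly) and a profiled bandwidth alert, which is why the three trigger types complement each other.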
