Open gregory-mac opened 2 years ago
Hello!
We removed this logic as it was mostly broken as nDPI expected to see whole packets and in case of sFlow or sampled mirror it wasn't a case and it did not work for most popular Netflow v9 / IPFIX.
In Advanced version we have detailed per protocol thresholds: https://features.fastnetmon.com/feature-requests/p/add-option-to-create-thresholds-based-on-arbitrary-traffic-types
Thanks for the answer.
Advanced edition can easily do it: https://fastnetmon.com/docs-fnm-advanced/flexible-thresholds/
Hi Pavel!
If I understand correctly, since nDPI removal Fastnetmon can no longer recognize amplification attack types listed here.
I was wondering, are there any plans to add/return this ability? Issue somewhat related:
911
Even without DPI, it could be valuable to have L4 port-aware thresholds.