Documentation for Hybrid Cloud Observability Advanced and NetFlow Traffic Analyzer

Recognize and stop a denial-of-service attack with SolarWinds NTA

Consider the following scenario:

A SolarWinds NPM advanced alert tells you that your web-facing router is having trouble creating and maintaining a stable connection to the Internet.

SolarWinds NTA helps you easily characterize both outgoing and incoming traffic. This ability becomes ever more important as corporate networks are exposed to malicious denial-of-service attacks.

  1. Click My Dashboards > Home > Summary.
  2. Under Top 10 Nodes by Average CPU Load, you notice the CPU load on the firewall node is holding steady between 99% and 100%.
  3. Click the firewall node name to open its Node Details view. Under Current Percent Utilization of Each Interface, you see that your firewall interfaces are receiving abnormally high levels of traffic.
  4. Click My Dashboards > NetFlow > NTA Summary.
  5. Under Top 10 Endpoints, you see that the top six computers attempting to access your network are overseas. You realize that you are being port scanned and that your firewall is interactively blocking these attacks.
  6. Use a configuration tool, such as SolarWinds Network Configuration Manager, to push a new configuration to your firewall that blocks all traffic from the IP address range of the computers trying to access your network.
  7. In minutes, your CPU usage drops back to normal.
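The reasoning in steps 5 and 6 can also be checked against exported flow records before a block is pushed. The following is an added example, not SolarWinds code: the record layout, the 100-port threshold, the /24 summarization, and all addresses are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

FIREWALL = "10.0.0.1"  # constructed address for the firewall's outside interface

def build_sample_flows():
    """Constructed (src, dst, dst_port, bytes) records; RFC 5737 test addresses."""
    flows = []
    for src in ("203.0.113.10", "203.0.113.77"):      # scan-like: many ports
        flows += [(src, FIREWALL, port, 60) for port in range(1, 201)]
    flows += [("198.51.100.5", FIREWALL, p, 60) for p in range(1, 151)]
    flows += [("198.51.100.200", FIREWALL, 443, 1500)] * 20  # ordinary client
    return flows

def top_endpoints(flows, n=10):
    """Rank sources by total bytes, as a Top N Endpoints view would."""
    totals = defaultdict(int)
    for src, _dst, _port, nbytes in flows:
        totals[src] += nbytes
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)[:n]

def scan_suspects(flows, min_ports=100):
    """Sources that touched at least min_ports distinct ports on one target."""
    ports = defaultdict(set)
    for src, dst, port, _nbytes in flows:
        ports[(src, dst)].add(port)
    return sorted({src for (src, _d), p in ports.items() if len(p) >= min_ports})

def block_ranges(sources, prefix=24):
    """Summarize suspect addresses into candidate ranges for a deny rule."""
    nets = {ipaddress.ip_network(f"{s}/{prefix}", strict=False) for s in sources}
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

def collateral(flows, suspects, ranges):
    """Non-suspect sources a range block would also cut off; review first."""
    nets = [ipaddress.ip_network(r) for r in ranges]
    others = {f[0] for f in flows} - set(suspects)
    return sorted(s for s in others
                  if any(ipaddress.ip_address(s) in n for n in nets))

if __name__ == "__main__":
    flows = build_sample_flows()
    suspects = scan_suspects(flows)
    ranges = block_ranges(suspects)
    print("top endpoints:", top_endpoints(flows, 3))
    print("scan suspects:", suspects)
    print("candidate block ranges:", ranges)
    print("would also block:", collateral(flows, suspects, ranges))
```

In this constructed data the byte ranking puts the ordinary client first, so the distinct-port count is what separates the scanning sources. The `collateral()` result shows that same client would be cut off by a /24 block, which is the check to make before pushing a range-wide rule.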