Download NetFlow Analyzer User Guide ()

ManageEngine NetFlow Analyzer – Professional Edition
Problem Name
Short TCP
Psh_Ack Host
Scan
Description
1. Short TCP Psh_Ack flowsfrom single/multiple source hosts to
multiple destination hosts on a single destination port exceeding
Minimum Horizontal Span at the destination end.
Short TCP
Psh_Ack Port
Scan(Reverse)
2. Short TCP Psh_Ack flows from single/multiple source hosts to
multiple destination hosts on fewer destination ports exceeding
Minimum Horizontal Span, Minimum Occupancy and Minimum Aspect
Ratio at the destination end.
Short TCP Psh_Ack flows from single/multiple source hosts to multiple
destination hosts where the number of distinct destination hosts is
equal to the number of distinct destination ports which is also equal to
the number of destination end points exceeding Minimum Diagonal
Span at the destination end (hosts = ports = endpoints)
Short TCP Psh_Ack flowsfrom single/multiple source hosts to multiple
destination hosts on multiple destination ports exceeding Minimum
Vertical Span or Minimum Horizontal Span and Minimum Occupancy
at the destination end
1.Short TCP Psh_Ack flows from single source host to single/multiple
destination hosts using multiple source ports exceeding Minimum
Vertical Span at the source end.
Short TCP
Psh_Ack Host
Scan(Reverse)
2. Short TCP Psh_Ack flows, from fewer source hosts to
single/multiple destination hosts using multiple source ports exceeding
Minimum Vertical Span, Minimum Occupancy and Minimum Aspect
Ratio at the source end.
1. Short TCP Psh_Ack flows ,from multiple source hosts to
single/multiple destination hosts using a single source port exceeding
Minimum Horizontal Span at the source end.
Short TCP
Psh_Ack Diagonal
Scan
Short TCP
Psh_Ack Grid Scan
Short TCP
Psh_Ack Diagonal
Scan(Reverse)
Short TCP
Psh_Ack Grid
Scan(Reverse)
2. Short TCP Psh_Ack flows , from multiple source hosts to
single/multiple destination hosts using fewer source ports exceeding
Minimum Horizontal Span, Minimum Occupancy and Minimum Aspect
Ratio at the source end.
Short TCP Psh_Ack flows from multiple source hosts to single/multiple
destination hosts where the number of distinct source hosts is equal to
the number of distinct source ports which is also equal to the number
of source end points exceeding Minimum Diagonal Span at the source
end (hosts = ports = endpoints).
Short TCP Psh_Ack flows from multiple source host to single/multiple
destination hosts using multiple source ports exceeding Minimum
Vertical Span or Minimum Horizontal Span and Minimum Occupancy
at the source end.
Class
Scans /
Probes
Scans /
Probes
Scans /
Probes
Scans /
Probes
Scans /
Probes
Scans /
Probes
Scans /
Probes
Excess Short TCP
Psh_No-Ack
Packets
TCP Flows with nominal payload ie., BytePerPacket between 40
and 44 octets (bytes) and TCP Flags value IN (8/P, 42/UPS,
43/UPSF, 44/UPR, 45/UPRF, 46/UPRS, 47/UPRSF), denoting TCP
Psh but without Ack, touching or exceeding the Upper Limit and
none of the following derived problems gets satisfied
Suspect
Flows
Short TCP Psh
Attack
Short TCP Psh flows, from multiple source hosts to fewer destination
hosts exceeding Minimum Convergence and Minimum Flux Rate at the
destination end .
Short TCP Psh flows, from single/multiple source hosts to
single/multiple destination hosts exceeding Minimum Flux Rate at the
DoS /
Flash
Crowd
DoS /
Flash
Short TCP Psh
Inflood
195
Zoho Corporation