
"Network Traffic Analyzer" is a system for monitoring and surveillance of a telecom operator's network, failure tracking and real-time traffic analysis.
Read more at www.kroznet.com
Functionality:
- Background statistical monitoring of network metrics to detect attacker profiles;
- Automatic blocking of attacker traffic across the entire controlled network;
- Configurable levels and verification modes for selected subnets, and a personal account for the operator's subscribers;
- Blocking of attacks originating from subscribers;
- Special protection functions against highly distributed attacks;
- Manual analysis and rule configuration;
- Support for distributed network probes;
- Active protection of web services at the application-session level;
- Detection of a broad spectrum of DDoS attacks;
- Real-time reports;
- Automatic recording of attack traffic dumps and retrospective analysis.
Basic list of detected attacks:
- Scanning of information and telecommunication resources;
- Illegitimate traffic on an unused protocol and/or port (UDP Flood, ICMP Flood);
- Attacks using IP packet fragments with incorrect contents;
- Slow DoS attacks, SlowLoris, SlowPost and their analogs;
- Connection initiation at the transport layer of the TCP/IP stack (TCP SYN Flood);
- Establishment of a full TCP connection that is then dropped without any data exchange inside the socket (TCP Connection Flood);
- Attacks using the DNS protocol and the generation of legitimate queries/answers, including DNS Amplification;
- Attacks using the NTP protocol and the generation of legitimate queries/answers, including NTP Amplification;
- Sending data over the HTTP/1.0 or HTTP/1.1 protocol without protocol specification;
- SIP-service attack;
- SMTP-service attack;
- FTP-service attack;
- Spoofing attacks of any level of complexity, such as TCP and UDP;
- Highly distributed TCP, UDP attacks (including HTTP flood);
- Distributed attack on the Customer’s specific service.
Technical characteristics:
- 1RU probe capable of processing up to 10 Gbit/sec of transit traffic, including different flood variants;
- Safe inline connection or a BGP routing scheme;
- Hardware connection devices with a fault-tolerance function;
- Hardware load balancing for 40 Gbit/sec and 100 Gbit/sec channels.
The system is intended for use in the network core of a telecom operator or Internet service provider. DDoS-protection services can also be integrated into the telecom operator's range of services.
NORSI-TRANS offers 10G, 40G, 100G and 1000G network systems for implementation. The company provides 24/7 support, and its specialists take part in developing the communication network protection strategy.