Using the Flood Drops Layer 4 graphs
You use the Flood Drops graphs to monitor drops due to SPP thresholds that detect flood attacks. Port floods (TCP or UDP) are examples of Layer 4 floods. In these attacks, a single port is attacked continuously. An ICMP echo flood is an example of a port flood.
Table 38 summarizes the statistics displayed in the Flood Drops: Layer 4 graph. Figure 52 shows the graph.
You can customize the following query terms: SPP and period.
Before you begin:
You must have Read-Write permission for Log & Report settings.
To display the graphs:
Go to Monitor > Flood Drops > Layer 4.
Table 38: Flood Drops: Layer 4
| Statistic | Description |
| --- | --- |
| SYN Packets | Drops due to the syn threshold. This counter tracks the SYN packet rate for all traffic belonging to the SPP. For a detailed graph, go to Monitor > Layer 4. |
| TCP Ports and UDP Ports | Aggregation of drops due to the thresholds for TCP Ports and UDP Ports. To view statistics for a specific port, go to Monitor > Layer 4 > Ports. |
| ICMP Types/Codes | Aggregation of drops due to the SPP thresholds for ICMP Types/Codes. To view statistics for a specific type and code, go to Monitor > Layer 4 > ICMP Types/Codes. |
| Zombie Flood | Drops due to the new-connections threshold, which sets a limit for legitimate IPs. FortiDDoS assumes a zombie flood is underway when the number of allowed legitimate IP addresses during a SYN flood exceeds a set threshold. These packets indicate that non-spoofed IP addresses are creating a DDoS attack by generating a large number of SYN packets. For a detailed graph, go to Monitor > Layer 4 > New Connections. |
| SYN Packets Per Source Flood | Drops due to the syn-per-source threshold. This counter tracks SYN packets for each source. For a detailed graph, go to Monitor > Layer 4. |
| Excessive Concurrent Connections Per Source | Drops due to the concurrent-connections-per-source threshold. For a detailed graph, go to Monitor > Layer 4. |
| Excessive Concurrent Connections Per Destination | Drops due to the concurrent-connections-per-destination threshold. For a detailed graph, go to Monitor > Layer 4. |
| SYN Packets Per Destination | Drops due to the syn-per-dst threshold. For a detailed graph, go to Monitor > Layer 4. |
| FIN Packets Per Destination | Drops due to the fin-per-dst threshold. For a detailed graph, go to Monitor > Layer 4. |
| ACK Packets Per Destination | Drops due to the ack-per-dst threshold. For a detailed graph, go to Monitor > Layer 4. |
| ESTAB Packets Per Destination | Drops due to the estab-per-dst threshold. For a detailed graph, go to Monitor > Layer 4. |
| RST Packets Per Destination | Drops due to the rst-per-dst threshold. For a detailed graph, go to Monitor > Layer 4. |
Figure 52: Flood Drops: Layer 4
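
The following Python sketch is an added example, not FortiDDoS code and not part of the original documentation. It models how the syn, syn-per-source and syn-per-dst thresholds in Table 38 differ in scope, and which graph statistic a given drop would be counted under. The limit values, the one-second counting window, the order of the checks and the sample packets are all assumptions made for illustration.

```python
from collections import Counter

# Hypothetical per-second limits; keys are the threshold names from Table 38.
LIMITS = {"syn-per-source": 3, "syn-per-dst": 6, "syn": 8}
# Graph statistic that each threshold's drops are reported under (Table 38).
STATISTIC = {
    "syn-per-source": "SYN Packets Per Source Flood",
    "syn-per-dst": "SYN Packets Per Destination",
    "syn": "SYN Packets",
}

def attribute_syn_drops(packets, limits=LIMITS):
    """Count drops per graph statistic for the SYN packets of one SPP.

    packets: (timestamp_seconds, src_ip, dst_ip) tuples in arrival order.
    Assumed model: counters restart every whole second, every observed SYN
    counts toward all three scopes, and a drop is charged to the first
    exceeded threshold, checked narrowest scope first.
    """
    seen = Counter()   # (second, threshold, scope key) -> SYNs observed
    drops = Counter()  # graph statistic -> dropped packets
    for ts, src, dst in packets:
        second = int(ts)
        scope_key = {"syn-per-source": src, "syn-per-dst": dst, "syn": None}
        exceeded = None
        for name in limits:  # dict order: per-source, per-dst, aggregate
            bucket = (second, name, scope_key[name])
            seen[bucket] += 1
            if exceeded is None and seen[bucket] > limits[name]:
                exceeded = name
        if exceeded:
            drops[STATISTIC[exceeded]] += 1
    return drops

# Constructed sample traffic (documentation address ranges), not captured data.
SAMPLE = (
    [(0.1 * i, "198.51.100.10", "203.0.113.1") for i in range(5)]   # one noisy source
    + [(0.6, "198.51.100.11", "203.0.113.1")] * 2                   # second source, same target
    + [(0.8, f"198.51.100.{20 + i}", "203.0.113.2") for i in range(4)]  # many quiet sources
    + [(1.2, "198.51.100.10", "203.0.113.1")]                       # next second: counters restart
)

if __name__ == "__main__":
    for statistic, count in attribute_syn_drops(SAMPLE).items():
        print(f"{statistic}: {count}")
```

In the sample, the single noisy source is charged to SYN Packets Per Source Flood, while the many quiet sources only show up in the aggregate SYN Packets statistic, which is why the per-source and SPP-wide counters have to be read together.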