The High Flow Sources sensor tracks host flows and detects sudden changes in output that may indicate server misconfiguration, virus infection, or unauthorized activity, such as BitTorrent server activity.
Troubleshooting a High Flow Sources Alert
An alert from the High Flow Sources sensor may indicate an increase in connections. The increase is often caused by the introduction of a new authorized or unauthorized application on the network.
Find the source and investigate. The behavior may indicate the presence of a BitTorrent or other peer-to-peer file sharing server.
Peer-to-peer file-sharing or other unauthorized activity often consumes excessive network resources. This type of activity potentially can expose your enterprise to copyright-infringement legal action.
|
Copyright © 2015 CA Technologies.
All rights reserved.
|
|