The High Packet Fan Out sensor looks for packets that fan out from a single host to many hosts. Packet fanning is typical of a spreading virus or worm. A High Packet Fan Out anomaly is a primary type of anomaly, which typically occurs in conjunction with another type of anomaly.
Troubleshooting a High Packet Fan Out Alert
An alert from the High Packet Fan Out Sources sensor may indicate a spreading virus or worm infection. Some viruses or worms operate by creating "zombie" hosts that spread the infection in a fan-out pattern.
If you suspect a virus infection, use CA Anomaly Detector to identify each offending host, then use a firewall or ACL to try to block the host from sending data on the network. You also can take the affected server offline.
|
Copyright © 2015 CA Technologies.
All rights reserved.
|
|