fastnetmon misreports attack type and protocol
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	CDanis
	Dec 23 2019, 5:47 PM

Description

Since about Dec 1st*, fastnetmon seems to only ever report Attack type: unknown and Attack protocol: tcp, regardless of the kind of traffic that triggers it.

Details

	Subject	Repo	Branch	Lines +/-
	fastnetmon: remove UDP and ICMP limits	operations/puppet	production	+2 -5

Customize query in gerrit

Event Timeline

CDanis created this task.Dec 23 2019, 5:47 PM

Restricted Application added a project: SRE. · View Herald TranscriptDec 23 2019, 5:47 PM

Restricted Application added a subscriber: Aklapper. · View Herald Transcript

• jcrespo triaged this task as Medium priority.Dec 26 2019, 10:59 AM

Opened https://github.com/pavel-odintsov/fastnetmon/issues/787

Known issue: https://github.com/pavel-odintsov/fastnetmon/issues/787#issuecomment-570740316
I don't see it being solved anytime soon.

Also added a "limitations" section to the doc: https://wikitech.wikimedia.org/wiki/Netflow#Limitations

Change 562387 had a related patch set uploaded (by CDanis; owner: CDanis):
[operations/puppet@production] fastnetmon: remove UDP and ICMP limits

https://gerrit.wikimedia.org/r/562387

gerritbot added a project: Patch-For-Review.Jan 8 2020, 10:00 PM

Change 562387 merged by CDanis:
[operations/puppet@production] fastnetmon: remove UDP and ICMP limits

https://gerrit.wikimedia.org/r/562387

Believe this has been worked around for now.

CDanis closed this task as Resolved.Oct 26 2020, 12:52 PM

CDanis claimed this task.

Nintendofan885 removed a project: Patch-For-Review.Oct 26 2020, 12:54 PM

fastnetmon misreports attack type and protocol Closed, ResolvedPublicActions

Description

Details

Event Timeline

fastnetmon misreports attack type and protocol
Closed, ResolvedPublic
Actions