Why is my server being flagged for P2P activity?

Across hundreds of flow exporting routers and switches, Flow Analytics™ delivers on:
Top conversations, top applications, top source and destination hosts by bytes, top source and destination hosts by flows, total number of unique hosts, total number of unique applications, internal threats and several other informative statistics.

The NBA portion of Flow Analytics™ delivers on:
Which assets are under attack? What threats are being missed? Users who may not be following corporate policy. Helpful information to determine if the business is in compliance with regulations. Fast searching through massive amounts of data. Monitoring to ensure that the existing infrastructure investments are adequate. Details so that you can target areas to improve the security posture.

Moderators: scottr, Moderator Team

Post by nathanh » Thu Dec 11, 2008 2:58 pm

The Flow Analytics P2P algorithm is designed to look for specific traffic patterns that match the behaviors of a P2P client.

Sometimes Exchange servers and file servers can trigger this flag.

If you have studied the flows that are associated with that flag, and you are sure it's a false positive, you should consider excluding that server so you don't continue to get alerts on that device.
nathanh
Site Admin
