Powered by Zoomin Software. For more details please contactZoomin

Flowmon ADS

Table of Contents

SRVNA - Service Not Available

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
Print
  • Last Updated: April 5, 2026
  • 2 minute read
    • Flowmon Products
    • Flowmon Anomaly Detection System
    • Documentation

Method description

The detection method is used to detect unavailable services (IP address/port), to which clients want to gain access. This method can be restricted by a minimum number of accesses to the service (the AttemptsThreshold parameter) and by the filter that defines the IP addresses of provided services (the ServiceProviders parameter). If the event is generated, the source IP address is the address of the provider of the unavailable service. The number of successful connections and successfully connected clients are also provided. It is possible to limit the detection using the RelativeUnsuccessful parameter that defines the minimum ratio between unsuccessful requests and all connections to the given service.

This method also detects unavailable services on the UDP protocol. This part of detection can be set by the UDPThreshold parameter which defines the minimum threshold of unsuccessful attempts.

The method consists of the following submethods:

  • TCPService: Reports the unavailability of the TCP services provided in the monitored network. Services that send no responses to clients or actively reject incoming connections are reported. This submethod is used when the OnlyRejected parameter is set to the value no.

  • TCPServiceReset: Reports the unavailability of the TCP services provided in the monitored network. Only the services that actively reject the incoming connections are reported. This submethod is used when the OnlyRejected parameter is set to the value yes.

  • UDPService: Reports the unavailability of the UDP services provided in the monitored network.

Method configuration

It is recommended to activate this method for all IP addresses. The right place for traffic monitoring is the central switch and the Internet connection line. It is recommended to activate the OnlyRejected parameter if the detection is performed on the sampled traffic.

Method parameters

  • ServiceProviders: Name of the filter that defines the IP addresses of servers whose failures should be detected.

  • AttemptsThreshold: Threshold of a minimal number of accesses to a single service (defined as IP address, protocol, and port).

  • RelativeUnsuccessful: Threshold of the ratio between the unsuccessful accesses to a service and the total number of accesses (in percent).

  • OnlyRejected: Evaluation of rejected accesses to the service (access attempts with responses with TCP RESET flag).

  • UDPThreshold: Threshold of a minimal number of accesses to the service on UDP protocol. If the value of the parameter is equal to 0, the detection of the unavailable service on the UDP protocol is inactive.

Assigned filter

The filter is used for restricting source IP addresses (servers).

Interpretation of results

Apart from detecting the successful Denial of Service attack, this method may also detect wrong configurations – either on the server which does not provide the intended service or on the client, which demands services that are not provided.

TitleResults for “How to create a CRG?”Also Available inAlert