Powered by Zoomin Software. For more details please contactZoomin

Flowmon ADS User Guide

Table of Contents

DIRINET - Direct Internet Communication

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
Print
  • Last Updated: April 5, 2026
  • 2 minute read
    • Flowmon Products
    • Flowmon Anomaly Detection System
    • Documentation

Method description

This method detects devices that are communicating directly to the Internet (beyond the segment defined by the LANSegment parameter). It is possible to set reporting of unsuccessful and successful communication out of the allowed network segment using the parameter ReportTries (eventually ReportCommunication). The minimal transfer is given by the value of the MinimalTransfer parameter.

This method consists of the following submethod:

  • General: Reports that the device communicates with devices located outside of the user-defined and allowed network segment.

Method configuration

It is recommended to apply this method on the IP addresses from your network that should not be able to communicate directly into the Internet (for example, due to security guidelines). The right place for monitoring the Internet is the connection line.

Method parameters

  • LANSegment: The name of the filter that defines the IP addresses with which direct communication is allowed.

  • ReportTries: Defines whether to report unsuccessful attempts of communication with IP addresses outside the network defined by the LANSegment parameter.

  • ReportCommunication: Defines whether to report successful communication with IP addresses outside the network defined by the LANSegment parameter.

  • MinimalTransfer: The minimal amount of transferred data between the IP addresses inside and outside the network defined by the LANSegment parameter.

Assigned filter

Only flows whose source IP address matches the assigned filter will be processed.

Interpretation of results

This method is capable to detect devices that communicate directly into the Internet even if they are expected not to do this (they should use a proxy server or they should communicate only with other devices inside the local segment). This incident may indicate that the device is not properly configured to use proxy servers or is intentionally bypassing security measures. As a result, network traffic of such devices is not under proper control.

TitleResults for “How to create a CRG?”Also Available inAlert