FortiDDoS
cbenejean
Staff
Article Id 196421

Description

 
This article describes why the Most Active Source graph (see Most Active Source graph - FortiDDoS Handbook) reports more packets/sec for a source than FortiDDoS is actually receiving from or sending to that source, and more than other graphs report.


Scope

 

All FortiDDoS.


Solution

 
For TCP and DNS traffic, the Most Active Source (MAS) graph adds up both directions. Wherever a session is detected, both its inbound and outbound traffic are associated with the session's source for Most Active Source. This catches offending sources faster: because the client creates the session, the source can be identified and punished more rapidly.
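
A simplified model of this accounting, added here as an illustration and not FortiDDoS code: over one sampling interval it compares the packets a source actually sent with a count that charges both directions of each TCP or DNS session to the client that opened it. The packet tuples, function names, and the handling of other protocols (charged to the sender only) are assumptions of the example.

```python
from collections import defaultdict

# Constructed sample packets for one interval:
# (src, dst, proto, sport, dport, tcp_flags)
PACKETS = [
    ("198.51.100.7", "203.0.113.10", "tcp", 40000, 443, "S"),
    ("203.0.113.10", "198.51.100.7", "tcp", 443, 40000, "SA"),
    ("198.51.100.7", "203.0.113.10", "tcp", 40000, 443, "A"),
    ("203.0.113.10", "198.51.100.7", "tcp", 443, 40000, "A"),
    ("198.51.100.7", "203.0.113.10", "udp", 5353, 53, ""),   # DNS query
    ("203.0.113.10", "198.51.100.7", "udp", 53, 5353, ""),   # DNS response
    ("198.51.100.7", "203.0.113.10", "udp", 5000, 123, ""),  # non-DNS UDP
    ("203.0.113.10", "198.51.100.7", "udp", 123, 5000, ""),
]

def session_key(src, dst, proto, sport, dport):
    """Direction-independent key so both halves of a flow map to one session."""
    a, b = (src, sport), (dst, dport)
    return (proto,) + (a + b if a <= b else b + a)

def is_session_start(proto, dport, flags):
    """A TCP SYN without ACK, or a DNS query, identifies the client opening the session."""
    return (proto == "tcp" and flags == "S") or (proto == "udp" and dport == 53)

def count(packets):
    sent = defaultdict(int)   # packets each address actually sent
    mas = defaultdict(int)    # MAS-style count: both directions charged to the initiator
    initiator = {}            # session key -> source that opened the session
    for src, dst, proto, sport, dport, flags in packets:
        sent[src] += 1
        key = session_key(src, dst, proto, sport, dport)
        if key not in initiator and is_session_start(proto, dport, flags):
            initiator[key] = src
        # Tracked session: charge the packet to the initiator whichever way it flows.
        # Untracked traffic: charge the sender only (assumption of this model).
        mas[initiator.get(key, src)] += 1
    return dict(sent), dict(mas)

if __name__ == "__main__":
    sent, mas = count(PACKETS)
    for addr in sorted(sent):
        print(f"{addr}: sent={sent[addr]} mas={mas.get(addr, 0)}")
```
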