IntruGuard Products Go Beyond MRTG: Deeper, Granular and With Active Prevention
Multi Router Traffic Grapher (MRTG)
Tobi Oetiker's Multi Router Traffic Grapher (MRTG) monitors SNMP network devices and draws graphs and tables showing how much traffic has passed through each interface. This is a very popular, respected and useful tool used by Service Providers and Data Center IT and security staff. The product can be used for live, continuous monitoring of network traffic.
The visibility of MRTG is limited to traffic at the interface level. In addition, the capability of MRTG is limited to visibility. It has no prevention capability in case there is excess traffic.
IntruGuard's Network Behavior Analysis (NBA) Systems
IntruGuard's NBA Systems start where MRTG leaves off. They give the administrator a deeper, more granular look at the traffic. The following table shows the key differences between MRTG and IntruGuard.
| Feature | MRTG | IntruGuard |
|---|---|---|
| Total Traffic at the Interface | Yes | Yes |
| Granular Layer 3 Traffic | | |
| Granular Layer 4 Traffic | No | Yes |
| Anomalous Traffic | No | Yes |
| | No | Yes |
When there is anomalous traffic in the network, you cannot drill down using MRTG to understand the cause of the traffic anomalies.
An Example Overload Situation As Seen and Prevented by an IntruGuard NBA System
The diagram below shows the traffic as seen on an interface. The positive side is the transmitted unicast packets and the negative side is the received unicast packets seen over a week's period.
You can visually spot the traffic anomaly here on Thursday. MRTG will stop helping you beyond this. With IntruGuard's NBA systems you can drill down further, as explained below.
You can see a graph and table that shows the frame sizes as they are received or transmitted:
You can then drill down to the normal traffic as sent by the most active source at any given time on the inbound or outbound side. The dark blue line shows the historical traffic and the lighter blue line shows the adaptively estimated traffic, with a certain cushion, as predicted by the NBA system.

The overage created by a single source can be seen in the graph below. Such high-rate packets are dropped.
At any time, you can analyze the top attacks. In this case, there is a UDP port flood being launched by an identified source. The table below clearly identifies the attack.
If you drill down further, you can see which UDP port is being affected. In this case, UDP port 110 was the target.
If you look at the top attackers report, you can see the IP addresses which are causing the flood. The IP addresses have been deliberately smudged to protect the identities.
IntruGuard NBA systems have the capability to prevent many such attacks, including those from distributed sources, automatically and within 2 seconds without human intervention.
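The drill-down described above (a per-source baseline with a cushion, dropped overage, the affected UDP port, and a top attackers list) can be sketched as follows. This is an added example, not IntruGuard's code or algorithm: the EWMA baseline, the `alpha`, `cushion` and `floor` parameters, the function names and the sample traffic are all assumptions made for illustration.

```python
from collections import defaultdict

def police(samples, alpha=0.2, cushion=2.0, floor=100):
    """Rate-limit each (source, UDP port) flow against its own adaptive baseline.

    samples: time-ordered (src_ip, udp_port, packets_in_interval) tuples.
    Returns {(src_ip, udp_port): packets_dropped}.
    EWMA baseline, cushion and floor are assumptions chosen for illustration.
    """
    baseline = {}
    dropped = defaultdict(int)
    for src, port, pkts in samples:
        key = (src, port)
        if key not in baseline:
            # Seed from the first interval, capped so a flood cannot set its own baseline.
            baseline[key] = float(min(pkts, floor))
            continue
        limit = max(floor, baseline[key] * cushion)
        if pkts > limit:
            dropped[key] += int(pkts - limit)
        # Learn only from accepted traffic so a flood raises the baseline slowly.
        baseline[key] = (1 - alpha) * baseline[key] + alpha * min(pkts, limit)
    return dict(dropped)

def top_attackers(dropped, n=3):
    """Rank sources by total dropped packets across all ports."""
    per_src = defaultdict(int)
    for (src, _port), count in dropped.items():
        per_src[src] += count
    return sorted(per_src.items(), key=lambda kv: kv[1], reverse=True)[:n]

def build_samples():
    """Constructed sample data: documentation-range IPs, not real hosts."""
    samples = []
    for t in range(8):
        samples.append(("192.0.2.10", 110, 50))       # steady client
        samples.append(("198.51.100.7", 53, 10))      # same source, quiet port
        samples.append(("198.51.100.7", 110, 40 if t < 5 else 5000))  # flood
    return samples

if __name__ == "__main__":
    dropped = police(build_samples())
    for (src, port), count in sorted(dropped.items()):
        print(f"{src} udp/{port}: {count} packets dropped")
    print("top attackers:", top_attackers(dropped))
```

Keying the baseline on source and port is what lets the report name both the offending address and the affected port, which an interface-level counter cannot do.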