Integrated network monitoring using Zabbix with push notification via Telegram / Mohd Faris Mohd Fuzi, Nur Fatin Mohammad Ashraf and Muhammad Nabil Fikri Jamaluddin

Mohd Fuzi, Mohd Faris and Mohammad Ashraf, Nur Fatin and Jamaluddin, Muhammad Nabil Fikri (2022) Integrated network monitoring using Zabbix with push notification via Telegram / Mohd Faris Mohd Fuzi, Nur Fatin Mohammad Ashraf and Muhammad Nabil Fikri Jamaluddin. Journal of Computing Research and Innovation (JCRINN), 7 (1): 14. pp. 155-163. ISSN 2600-8793

Abstract

The world is becoming increasingly dependent on online services. To offer a service, a network must be in good health and free of attacks. An attack happens when the confidentiality, integrity, or availability of a service is compromised. Network monitoring helps maintain network devices, from tracking their usage to detecting attacks. A denial of service (DoS) attack on a network can degrade network performance and cause serious damage. Zabbix is a versatile open-source network monitoring tool that can be used to monitor hosts on a network. The purpose of this project is to detect possible ping and SYN flooding attempts on a server and send alerts to the administrator via Telegram. This project uses Zabbix to monitor a server for potential ping and SYN flooding attacks. Tcpdump is used to log the pings received by the server. When the server continuously receives 10 or more pings per second, an alert is automatically generated and sent to the administrator via Telegram. Similarly, a SYN flood attack is detected using the SYN_RECV connection state reported by netstat. When the server continuously receives more than 10 SYN packets without an ACK packet, Zabbix generates alerts that are sent via Telegram and updates the dashboard to show a problem. Zabbix was able to accurately detect all ping flooding attempts on the server. However, SYN flooding attacks were not detected as accurately: only two out of three attacks were caught, so SYN flooding detection needs to be improved. Zabbix can be deployed in small businesses or networks as an automated monitoring system. Future work can cover more DDoS attacks and add countermeasures on detection, such as blocking the IP address or port associated with the attack.

Metadata

Item Type: Article
Creators (Email / ID Num.):
Mohd Fuzi, Mohd Faris (UNSPECIFIED)
Mohammad Ashraf, Nur Fatin (UNSPECIFIED)
Jamaluddin, Muhammad Nabil Fikri (UNSPECIFIED)
Subjects: Q Science > QA Mathematics > Instruments and machines > Electronic Computers. Computer Science > Computer software
Q Science > QA Mathematics > Instruments and machines > Electronic Computers. Computer Science > Client/server computing
Divisions: Universiti Teknologi MARA, Perlis > Arau Campus
Journal or Publication Title: Journal of Computing Research and Innovation (JCRINN)
UiTM Journal Collections: UiTM Journal > Journal of Computing Research and Innovation (JCRINN)
ISSN: 2600-8793
Volume: 7
Number: 1
Page Range: pp. 155-163
Keywords: Network Monitoring, Zabbix, Ping Flood, SYN Flood, Telegram
Date: 2022
URI: https://ir.uitm.edu.my/id/eprint/60705