Integrated network monitoring using zabbix with push notification via telegram / Mohd Faris Mohd Fuzi, Nur Fatin Mohammad Ashraf and Muhammad Nabil Fikri Jamaluddin

The world is becoming increasingly dependent on online services. To offer a service, a network must be in good health and free of any attacks. An attack happens when the confidentiality, integrity, or availability of a service is compromised. Network monitoring is a solution capable of maintaining these network devices from their usage up to detecting attacks. A denial of service (DoS) attack on a network can affect the network performance and can cause serious damage. Zabbix is an open-source network monitoring tool that is versatile and can be used to monitor hosts on a network. The purpose of this project is to detect possible ping and SYN flooding attempts on a server and send alerts to the administrator via Telegram. This project uses Zabbix to monitor a server for potential ping and SYN flooding attacks. Tcpdump is used to log the pings received by the server. When the server continuously receives 10 or more pings per second, an alert will be automatically generated and sent to the administrator via Telegram. Similarly, a SYN flood attack is detected by using netstat’s SYN_RECV flags. When the server continuously receives more than 10 SYN packets without an ACK packet, Zabbix will generate alerts that are sent via Telegram and update the dashboard to show a problem. Zabbix was able to accurately detect all ping flooding attempts on the server. However, SYN flooding attacks were not as accurately detected. The use of Zabbix can be implemented in small businesses or networks for an automated monitoring system. Future work can include more DDoS attacks and adding countermeasure actions when detecting attacks by blocking the IP or port associated with the attack. SYN flooding detection needs to be improved because only two out of three attacks were able to be caught.