Skip to main content
Version: 2.11.0

Low and Slow Attack – Network Peers

KeyField DescriptionComments
NFO timestampFormat: Mmm dd hh:mm:ss
NFO server IP addressFormat: IPv4_address
NFO server NetFlow source IDConfigurable.
nfc_idMessage type identifier“nfc_id=20200”
exp_ipNetwork device (exporter) IP address<IPv4_address>
dest_ipMonitored server IP address<IPv4_address>
dest_portMonitored server port number<number>
src_ip“Low and Slow” client IPv4 address<IPv4_address>
[src_host]Host name of an active “Low and Slow” client<string>
[src_cc]Country code of an active “Low and Slow” client<string>
first_seenTime when slow sessions was detected first time, unix seconds<number>, unix sec
last_seenTime when slow sessions was detected last time, unix seconds<number>, unix sec
con_countTotal number of slow sessions<number>