Integrated Network Monitoring using Zabbix with Push Notification via Telegram
Keywords:Network Monitoring, Zabbix, Ping Flood, SYN Flood, Telegram
The world is becoming increasingly dependent on online services. To offer a service, a network must be in good health and free of any attacks. An attack happens when the confidentiality, integrity, or availability of a service is compromised. Network monitoring is a solution capable of maintaining these network devices from their usage up to detecting attacks. A denial of service (DoS) attack on a network can affect the network performance and can cause serious damage. Zabbix is an open-source network monitoring tool that is versatile and can be used to monitor hosts on a network. The purpose of this project is to detect possible ping and SYN flooding attempts on a server and send alerts to the administrator via Telegram. This project uses Zabbix to monitor a server for potential ping and SYN flooding attacks. Tcpdump is used to log the pings received by the server. When the server continuously receives 10 or more pings per second, an alert will be automatically generated and sent to the administrator via Telegram. Similarly, a SYN flood attack is detected by using netstat’s SYN_RECV flags. When the server continuously receives more than 10 SYN packets without an ACK packet, Zabbix will generate alerts that are sent via Telegram and update the dashboard to show a problem. Zabbix was able to accurately detect all ping flooding attempts on the server. However, SYN flooding attacks were not as accurately detected. The use of Zabbix can be implemented in small businesses or networks for an automated monitoring system. Future work can include more DDoS attacks and adding countermeasure actions when detecting attacks by blocking the IP or port associated with the attack. SYN flooding detection needs to be improved because only two out of three attacks were able to be caught.
Abid, K. (2020). Ping Flood Attack Detection via Wireshark. International Journal of Advanced Science and Technology, 29(5), 9595–9601.
Barbu, I. D., Pascariu, C., Bacivarov, I. C., Axinte, S. D., & Firoiu, M. (2017). Intruder monitoring system for local networks using python. Proceedings of the 9th International Conference on Electronics, Computers and Artificial Intelligence, 1–4. https://doi.org/10.1109/ECAI.2017.8166457
Birkinshaw, C., Rouka, E., & Vassilakis, V. G. (2019). Implementing an intrusion detection and prevention system using software-defined networking: Defending against port-scanning and denial-of-service attacks. Journal of Network and Computer Applications, 136(February), 71–85. https://doi.org/10.1016/j.jnca.2019.03.005
Gayathri, R., & Neelanarayanan, V. (2018). DoS detection solution for cloud platform using SNMP. International Journal of Pure and Applied Mathematics, 118(23), 175–183.
Hakim, A. R., Rinaldi, J., & Setiadji, M. Y. B. (2020). Design and Implementation of NIDS Notification System Using WhatsApp and Telegram. 8th International Conference on Information and Communication Technology, 4–7. https://doi.org/10.1109/ICoICT49345.2020.9166228
Johnson, R., & Elizabeth, N. E. (2018). Network’s server monitoring and analysis using Nagios. Proceedings of the 2017 International Conference on Wireless Communications, Signal Processing and Networking, 1904–1909. https://doi.org/10.1109/WiSPNET.2017.8300092
Mardiyono, A., Sholihah, W., & Hakim, F. (2020). Mobile-based Network Monitoring System Using Zabbix and Telegram. International Conference on Computer and Informatics Engineering, 473–477. https://doi.org/10.1109/ic2ie50715.2020.9274582
Nobles, C. (2018). Botching Human Factors in Cybersecurity in Business Organizations. HOLISTICA – Journal of Business and Public Administration, 9(3), 71–88. https://doi.org/10.2478/hjbpa-2018-0024
Salunkhe, H. S., Jadhav, S., & Bhosale, V. (2017). Analysis and Review of TCP SYN Flood Attack on Network with Its Detection and Performance Metrics. International Journal of Engineering Research And, V6(01), 250–256. https://doi.org/10.17577/ijertv6is010218
Sulistya, I. M. A., & Sasmita, G. M. A. (2020). Network Security Monitoring System on Snort with Bot Telegram as a Notification. International Journal of Computer Applications Technology and Research, 9(2), 059–064. https://doi.org/10.7753/ijcatr0902.1004
How to Cite
Copyright (c) 2022 Journal of Computing Research and Innovation
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.