diablo-26
asked on
What is the best way to stop flood attacks on a network? SYN, FIN, RST.
Hello,
We have isolated a flood attack to somewhere in our high school. We did this by unplugging the fiber that connects their building to ours.
What's happens is our router becomes very bogged down due to something sending packets to it like crazy. We have a Sonic Wall 5060 and we're licensed for Intrusion Prevention, Content Filtering, Gateway Antivirus, Anti-Spam... pretty much everything.
However the Sonic Wall will report SYN Floods and FIN Floods happening. Our 3COM 5012 router becomes very slow and the entire network's internet access speed drops to around a 56modem or none at all.
I have Wire Shark and setup a Mirrored port on our router and took some logs from that, and we know some machines that we could scan for viriuses, but I wondered if anybody else has dealt with this and implemented some kind of solution other than just hunting down the machines and cleaning them. Which we will do, but I wish there were some setting on the switches or router that we could turn on to at least keep the network and internet speed somewhat reasonable and usable. We've already lost 2 days worth of internet based work.
Also if anyone has actually hired a company to come in and do this kind of work, please relay that information as well...
Thanks,
M.
We have isolated a flood attack to somewhere in our high school. We did this by unplugging the fiber that connects their building to ours.
What's happens is our router becomes very bogged down due to something sending packets to it like crazy. We have a Sonic Wall 5060 and we're licensed for Intrusion Prevention, Content Filtering, Gateway Antivirus, Anti-Spam... pretty much everything.
However the Sonic Wall will report SYN Floods and FIN Floods happening. Our 3COM 5012 router becomes very slow and the entire network's internet access speed drops to around a 56modem or none at all.
I have Wire Shark and setup a Mirrored port on our router and took some logs from that, and we know some machines that we could scan for viriuses, but I wondered if anybody else has dealt with this and implemented some kind of solution other than just hunting down the machines and cleaning them. Which we will do, but I wish there were some setting on the switches or router that we could turn on to at least keep the network and internet speed somewhat reasonable and usable. We've already lost 2 days worth of internet based work.
Also if anyone has actually hired a company to come in and do this kind of work, please relay that information as well...
Thanks,
M.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks, you know I just found that Tipping point site yesterday and sent them an e-mail for more information... Do you know how much they cost? Last year we paid $10,000.00 for this Sonic Wall 5060 and I thought it would do the trick for this type of stuff, but apparently it's not.
Soon as I plug the high school fiber back in, the pings on the router go from 1ms to 900ms, very sporadic...
I think I'll do both, I'll try and pull the machines off and clean or reformat them and also check into that tipping point equipment.
Thanks!
Matt