Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Protect network from SYN Flood and other types of attacks

Posted on 2011-09-14
3
Medium Priority
?
742 Views
Last Modified: 2013-12-07
hi
every so often we have a client's network get killed because a few PC's get infected with malware. these generally flood the network with traffic, bringing internet essentially to a halt. we usually find the culprits through either the AV console (the culprits don't have AV... problem) or our firewall logs.

however sometimes it's not that simple. For example, today, our Sonicwall (192.168.9.2)was reporting the SYN Flood traffic coming from the IP/MAC address of our HP Core Switch (192.168.9.1). That switch has a 192.168.X.1 IP for each of the 4 other subnets, does all the routing between networks, etc.

What i want to know is if there's any way to catch/block this traffic before it totally floods my network (to a point that even the users not infected were affected).

We run all HP managed switches (2800 series mostly) - is there any way to configure them to take action when a particular port has suspicious activity? Either lock down the port, fire off an alert, etc? Or alert us about a MAC address that's problematic (we can trace MAC to the computer/user)?

thanks in advance for any help you can provide.
0
Comment
Question by:tabush
3 Comments
 
LVL 9

Accepted Solution

by:
parparov earned 1000 total points
ID: 36540366
SYN cookies are a way to battle SYN_FLOOD. Check if your 2800s support this setting.
0
 
LVL 22

Assisted Solution

by:eeRoot
eeRoot earned 1000 total points
ID: 36540623
You can use storm control, as well as limiting the speed on the individual PC ports.  You may want to look into an IPS/IDS system (snort is free http://www.snort.org/)
0
 
LVL 2

Author Closing Comment

by:tabush
ID: 36561664
thanks
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The worst thing when starting a new job is when the previous Network Administrator left behind no documentation. How do you get into the devices? If you've been in this situation or just accidently mistyped your password, this article will hopefully…
I see many questions here on Experts Exchange regarding switch port configurations and trunks. This article is meant for beginners in the subject to help to get basic knowledge about Virtual Local Area Network (VLAN (http://en.wikipedia.org/wiki/Vir…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Suggested Courses
Course of the Month12 days, 21 hours left to enroll

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question