Solved

Protect network from SYN Flood and other types of attacks

Posted on 2011-09-14
3
723 Views
Last Modified: 2013-12-07
hi
every so often we have a client's network get killed because a few PC's get infected with malware. these generally flood the network with traffic, bringing internet essentially to a halt. we usually find the culprits through either the AV console (the culprits don't have AV... problem) or our firewall logs.

however sometimes it's not that simple. For example, today, our Sonicwall (192.168.9.2)was reporting the SYN Flood traffic coming from the IP/MAC address of our HP Core Switch (192.168.9.1). That switch has a 192.168.X.1 IP for each of the 4 other subnets, does all the routing between networks, etc.

What i want to know is if there's any way to catch/block this traffic before it totally floods my network (to a point that even the users not infected were affected).

We run all HP managed switches (2800 series mostly) - is there any way to configure them to take action when a particular port has suspicious activity? Either lock down the port, fire off an alert, etc? Or alert us about a MAC address that's problematic (we can trace MAC to the computer/user)?

thanks in advance for any help you can provide.
0
Comment
Question by:tabush
3 Comments
 
LVL 9

Accepted Solution

by:
parparov earned 250 total points
ID: 36540366
SYN cookies are a way to battle SYN_FLOOD. Check if your 2800s support this setting.
0
 
LVL 22

Assisted Solution

by:eeRoot
eeRoot earned 250 total points
ID: 36540623
You can use storm control, as well as limiting the speed on the individual PC ports.  You may want to look into an IPS/IDS system (snort is free http://www.snort.org/)
0
 
LVL 2

Author Closing Comment

by:tabush
ID: 36561664
thanks
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In this tutorial I will show you with short command examples how to obtain a packet footprint of all traffic flowing thru your Juniper device running ScreenOS. I do not know the exact firmware requirement, but I think the fprofile command is availab…
Large and small networks have one same need, Service monitoring. Service monitoring consists of watch services of the several servers in the network. To monitor means that the administrator will receive an alert when a service is down or it's state …
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question