Solved

Protect network from SYN Flood and other types of attacks

Posted on 2011-09-14
3
728 Views
Last Modified: 2013-12-07
hi
every so often we have a client's network get killed because a few PC's get infected with malware. these generally flood the network with traffic, bringing internet essentially to a halt. we usually find the culprits through either the AV console (the culprits don't have AV... problem) or our firewall logs.

however sometimes it's not that simple. For example, today, our Sonicwall (192.168.9.2)was reporting the SYN Flood traffic coming from the IP/MAC address of our HP Core Switch (192.168.9.1). That switch has a 192.168.X.1 IP for each of the 4 other subnets, does all the routing between networks, etc.

What i want to know is if there's any way to catch/block this traffic before it totally floods my network (to a point that even the users not infected were affected).

We run all HP managed switches (2800 series mostly) - is there any way to configure them to take action when a particular port has suspicious activity? Either lock down the port, fire off an alert, etc? Or alert us about a MAC address that's problematic (we can trace MAC to the computer/user)?

thanks in advance for any help you can provide.
0
Comment
Question by:tabush
3 Comments
 
LVL 9

Accepted Solution

by:
parparov earned 250 total points
ID: 36540366
SYN cookies are a way to battle SYN_FLOOD. Check if your 2800s support this setting.
0
 
LVL 22

Assisted Solution

by:eeRoot
eeRoot earned 250 total points
ID: 36540623
You can use storm control, as well as limiting the speed on the individual PC ports.  You may want to look into an IPS/IDS system (snort is free http://www.snort.org/)
0
 
LVL 2

Author Closing Comment

by:tabush
ID: 36561664
thanks
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this tutorial I will show you with short command examples how to obtain a packet footprint of all traffic flowing thru your Juniper device running ScreenOS. I do not know the exact firmware requirement, but I think the fprofile command is availab…
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question