Link to home
Start Free TrialLog in
Avatar of tabush
tabush

asked on

Protect network from SYN Flood and other types of attacks

hi
every so often we have a client's network get killed because a few PC's get infected with malware. these generally flood the network with traffic, bringing internet essentially to a halt. we usually find the culprits through either the AV console (the culprits don't have AV... problem) or our firewall logs.

however sometimes it's not that simple. For example, today, our Sonicwall (192.168.9.2)was reporting the SYN Flood traffic coming from the IP/MAC address of our HP Core Switch (192.168.9.1). That switch has a 192.168.X.1 IP for each of the 4 other subnets, does all the routing between networks, etc.

What i want to know is if there's any way to catch/block this traffic before it totally floods my network (to a point that even the users not infected were affected).

We run all HP managed switches (2800 series mostly) - is there any way to configure them to take action when a particular port has suspicious activity? Either lock down the port, fire off an alert, etc? Or alert us about a MAC address that's problematic (we can trace MAC to the computer/user)?

thanks in advance for any help you can provide.
ASKER CERTIFIED SOLUTION
Avatar of parparov
parparov
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of tabush
tabush

ASKER

thanks