Solved

ISP Shuts Down Internet Port due Suspicious Traffic (DOS)

Posted on 2014-01-21
2
564 Views
Last Modified: 2014-03-20
Hi All,

This is related to an old issue which you can view the details of here:
http://www.experts-exchange.com/Networking/Network_Management/Network_Analysis/Q_28225609.html
(It's worth reading at least the first post)

This issue has again resurfaced, but this time we can not find any suspect software or malware on the individual PC's.

For this reason we are seeking a better way to monitor the SOURCE of this issue and trace down the problem.

Our switches are: Netgear gs752ts
They have a feature called "Auto-DOS Mode" which is currently disabled but can be enabled.
From reading the description it appears this feature is designed to prevent DoS attacks by shutting down the individual port causing the trouble.

We are considering enabling this feature but wanted to get some additional feedback before doing so.

Additionally --
You may have a better suggestion for how we can:
A) Determine where the suspicious traffic is originating
-or-
B) Stop the origination of suspicious traffic in the first place.

I look forward to your advice and feedback on this.
0
Comment
Question by:MPATechTeam
2 Comments
 
LVL 57

Accepted Solution

by:
giltjr earned 500 total points
ID: 39798827
Your switch support port mirroring.  What I would suggest is that you mirror the traffic on the port that connected to your Internet router.

Setup a PC with Wireshark, connect it to the target port of the mirror session, and capture traffic for awhile and see if you can see which host within your network is generating the suspect traffic.
0
 

Author Closing Comment

by:MPATechTeam
ID: 39942678
This helped us track down the exact cause of the problem.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question