?
Solved

ISP Shuts Down Internet Port due Suspicious Traffic (DOS)

Posted on 2014-01-21
2
Medium Priority
?
597 Views
Last Modified: 2014-03-20
Hi All,

This is related to an old issue which you can view the details of here:
http://www.experts-exchange.com/Networking/Network_Management/Network_Analysis/Q_28225609.html
(It's worth reading at least the first post)

This issue has again resurfaced, but this time we can not find any suspect software or malware on the individual PC's.

For this reason we are seeking a better way to monitor the SOURCE of this issue and trace down the problem.

Our switches are: Netgear gs752ts
They have a feature called "Auto-DOS Mode" which is currently disabled but can be enabled.
From reading the description it appears this feature is designed to prevent DoS attacks by shutting down the individual port causing the trouble.

We are considering enabling this feature but wanted to get some additional feedback before doing so.

Additionally --
You may have a better suggestion for how we can:
A) Determine where the suspicious traffic is originating
-or-
B) Stop the origination of suspicious traffic in the first place.

I look forward to your advice and feedback on this.
0
Comment
Question by:MPATechTeam
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 57

Accepted Solution

by:
giltjr earned 2000 total points
ID: 39798827
Your switch support port mirroring.  What I would suggest is that you mirror the traffic on the port that connected to your Internet router.

Setup a PC with Wireshark, connect it to the target port of the mirror session, and capture traffic for awhile and see if you can see which host within your network is generating the suspect traffic.
0
 

Author Closing Comment

by:MPATechTeam
ID: 39942678
This helped us track down the exact cause of the problem.
0

Featured Post

Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
This program is used to assist in finding and resolving common problems with wireless connections.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question