Solved

ISP Shuts Down Internet Port due Suspicious Traffic (DOS)

Posted on 2014-01-21
2
569 Views
Last Modified: 2014-03-20
Hi All,

This is related to an old issue which you can view the details of here:
http://www.experts-exchange.com/Networking/Network_Management/Network_Analysis/Q_28225609.html
(It's worth reading at least the first post)

This issue has again resurfaced, but this time we can not find any suspect software or malware on the individual PC's.

For this reason we are seeking a better way to monitor the SOURCE of this issue and trace down the problem.

Our switches are: Netgear gs752ts
They have a feature called "Auto-DOS Mode" which is currently disabled but can be enabled.
From reading the description it appears this feature is designed to prevent DoS attacks by shutting down the individual port causing the trouble.

We are considering enabling this feature but wanted to get some additional feedback before doing so.

Additionally --
You may have a better suggestion for how we can:
A) Determine where the suspicious traffic is originating
-or-
B) Stop the origination of suspicious traffic in the first place.

I look forward to your advice and feedback on this.
0
Comment
Question by:MPATechTeam
2 Comments
 
LVL 57

Accepted Solution

by:
giltjr earned 500 total points
ID: 39798827
Your switch support port mirroring.  What I would suggest is that you mirror the traffic on the port that connected to your Internet router.

Setup a PC with Wireshark, connect it to the target port of the mirror session, and capture traffic for awhile and see if you can see which host within your network is generating the suspect traffic.
0
 

Author Closing Comment

by:MPATechTeam
ID: 39942678
This helped us track down the exact cause of the problem.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question