Solved

ISP Shuts Down Internet Port due Suspicious Traffic (DOS)

Posted on 2014-01-21
2
576 Views
Last Modified: 2014-03-20
Hi All,

This is related to an old issue which you can view the details of here:
http://www.experts-exchange.com/Networking/Network_Management/Network_Analysis/Q_28225609.html
(It's worth reading at least the first post)

This issue has again resurfaced, but this time we can not find any suspect software or malware on the individual PC's.

For this reason we are seeking a better way to monitor the SOURCE of this issue and trace down the problem.

Our switches are: Netgear gs752ts
They have a feature called "Auto-DOS Mode" which is currently disabled but can be enabled.
From reading the description it appears this feature is designed to prevent DoS attacks by shutting down the individual port causing the trouble.

We are considering enabling this feature but wanted to get some additional feedback before doing so.

Additionally --
You may have a better suggestion for how we can:
A) Determine where the suspicious traffic is originating
-or-
B) Stop the origination of suspicious traffic in the first place.

I look forward to your advice and feedback on this.
0
Comment
Question by:MPATechTeam
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 57

Accepted Solution

by:
giltjr earned 500 total points
ID: 39798827
Your switch support port mirroring.  What I would suggest is that you mirror the traffic on the port that connected to your Internet router.

Setup a PC with Wireshark, connect it to the target port of the mirror session, and capture traffic for awhile and see if you can see which host within your network is generating the suspect traffic.
0
 

Author Closing Comment

by:MPATechTeam
ID: 39942678
This helped us track down the exact cause of the problem.
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question