[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 623
  • Last Modified:

ISP Shuts Down Internet Port due Suspicious Traffic (DOS)

Hi All,

This is related to an old issue which you can view the details of here:
http://www.experts-exchange.com/Networking/Network_Management/Network_Analysis/Q_28225609.html
(It's worth reading at least the first post)

This issue has again resurfaced, but this time we can not find any suspect software or malware on the individual PC's.

For this reason we are seeking a better way to monitor the SOURCE of this issue and trace down the problem.

Our switches are: Netgear gs752ts
They have a feature called "Auto-DOS Mode" which is currently disabled but can be enabled.
From reading the description it appears this feature is designed to prevent DoS attacks by shutting down the individual port causing the trouble.

We are considering enabling this feature but wanted to get some additional feedback before doing so.

Additionally --
You may have a better suggestion for how we can:
A) Determine where the suspicious traffic is originating
-or-
B) Stop the origination of suspicious traffic in the first place.

I look forward to your advice and feedback on this.
0
MPATechTeam
Asked:
MPATechTeam
1 Solution
 
giltjrCommented:
Your switch support port mirroring.  What I would suggest is that you mirror the traffic on the port that connected to your Internet router.

Setup a PC with Wireshark, connect it to the target port of the mirror session, and capture traffic for awhile and see if you can see which host within your network is generating the suspect traffic.
0
 
MPATechTeamAuthor Commented:
This helped us track down the exact cause of the problem.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now