<div>
These were helpful in tracking down the trouble.
</div>


These were helpful in tracking down the trouble.

<div>
<div class="content wysiwyg-content">
Below are screenshots from a packet capture from Wire Shark. &nbsp;We have two managed switches that are currently set to shutdown any suspected port of a DOS attack. &nbsp;We have witnessed the switch shutting down the WAN port numerous times. &nbsp;If we disable the DOS port check in the switches than eventually our ISP will shutdown our internet service. &nbsp;<br />
<br />
We began by blaming malware for this and have done numerous scans of every desktop with multiple products and have found no infections. <br />
<br />
The UDP packets that are outbound have check sum errors and the Inbound UDP packets are fine.<br />
<br />
Any ideas?<br />
<a href="https://filedb.experts-exchange.com/incoming/2014/01_w04/829928/DesktopL.png" target="_blank" class="file-inline" title="packetCapture1 (71 KB)"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M67.508 468.467c-58.005-58.013-58.016-151.92 0-209.943l225.011-225.04c44.643-44.645 117.279-44.645 161.92 0 44.743 44.749 44.753 117.186 0 161.944l-189.465 189.49c-31.41 31.413-82.518 31.412-113.926.001-31.479-31.482-31.49-82.453 0-113.944L311.51 110.491c4.687-4.687 12.286-4.687 16.972 0l16.967 16.971c4.685 4.686 4.685 12.283 0 16.969L184.983 304.917c-12.724 12.724-12.73 33.328 0 46.058 12.696 12.697 33.356 12.699 46.054-.001l189.465-189.489c25.987-25.989 25.994-68.06.001-94.056-25.931-25.934-68.119-25.932-94.049 0l-225.01 225.039c-39.249 39.252-39.258 102.795-.001 142.057 39.285 39.29 102.885 39.287 142.162-.028A739446.174 739446.174 0 0 1 439.497 238.49c4.686-4.687 12.282-4.684 16.969.004l16.967 16.971c4.685 4.686 4.689 12.279.004 16.965a755654.128 755654.128 0 0 0-195.881 195.996c-58.034 58.092-152.004 58.093-210.048.041z"/></svg>DesktopL.png</a><br />
<a href="https://filedb.experts-exchange.com/incoming/2014/01_w04/829929/DesktopB.png" target="_blank" class="file-inline" title="packetCapture2 (62 KB)"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M67.508 468.467c-58.005-58.013-58.016-151.92 0-209.943l225.011-225.04c44.643-44.645 117.279-44.645 161.92 0 44.743 44.749 44.753 117.186 0 161.944l-189.465 189.49c-31.41 31.413-82.518 31.412-113.926.001-31.479-31.482-31.49-82.453 0-113.944L311.51 110.491c4.687-4.687 12.286-4.687 16.972 0l16.967 16.971c4.685 4.686 4.685 12.283 0 16.969L184.983 304.917c-12.724 12.724-12.73 33.328 0 46.058 12.696 12.697 33.356 12.699 46.054-.001l189.465-189.489c25.987-25.989 25.994-68.06.001-94.056-25.931-25.934-68.119-25.932-94.049 0l-225.01 225.039c-39.249 39.252-39.258 102.795-.001 142.057 39.285 39.29 102.885 39.287 142.162-.028A739446.174 739446.174 0 0 1 439.497 238.49c4.686-4.687 12.282-4.684 16.969.004l16.967 16.971c4.685 4.686 4.689 12.279.004 16.965a755654.128 755654.128 0 0 0-195.881 195.996c-58.034 58.092-152.004 58.093-210.048.041z"/></svg>DesktopB.png</a>
</div>
</div>


DesktopB.png

DesktopL.png

Below are screenshots from a packet capture from Wire Shark.  We have two managed switches that are currently set to shutdown any suspected port of a DOS attack.  We have witnessed the switch shutting down the WAN port numerous times.  If we disable the DOS port check in the switches than eventually our ISP will shutdown our internet service.  

We began by blaming malware for this and have done numerous scans of every desktop with multiple products and have found no infections. 

The UDP packets that are outbound have check sum errors and the Inbound UDP packets are fine.

Any ideas?

Strange Looking Packet Capture

Spyware is software that aims to gather information about a person or organization without their knowledge and that may send such information to another entity without the consumer's consent, or that asserts control over a computer without the consumer's knowledge; it has also come to include programs that engage in various kinds of electronic fraud. Anti-spyware is software that removes or blocks that software; some common vendors include Malwarebytes, McAfee, Spybot-Search and Destroy, Ad-Aware and BitDefender.