Solved

Strange Looking Packet Capture

Posted on 2014-01-22
Last Modified: 2014-03-20
Below are screenshots from a packet capture from Wireshark. We have two managed switches that are currently set to shut down any suspected port of a DoS attack. We have witnessed the switch shutting down the WAN port numerous times. If we disable the DoS port check in the switches, then eventually our ISP will shut down our internet service.

We began by blaming malware for this and have done numerous scans of every desktop with multiple products and have found no infections.

The UDP packets that are outbound have checksum errors and the inbound UDP packets are fine.

Any ideas?
DesktopL.png
DesktopB.png
Question by:MPATechTeam
3 Comments
 
LVL 83

Accepted Solution

by:
Dave Baldwin earned 250 total points
ID: 39801971
Doesn't the local IP address tell you which machine they are coming from?  Have you tried TCPView http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx and/or Process Explorer http://technet.microsoft.com/en-us/sysinternals/bb896653 to identify the program that is doing this?

It is the goal of the malware and virus writers to create a program that is not identified as a virus or malware.  Anti-virus and anti-malware authors are always playing catch-up to identify and eliminate the new programs.
 
LVL 16

Assisted Solution

by:gurutc
gurutc earned 250 total points
ID: 39803146
Also, if you don't have too many local PCs you can try shutting them down one at a time to see if that stops the flood.

- gurutc
 

Author Closing Comment

by:MPATechTeam
ID: 39942686
These were helpful in tracking down the trouble.
0
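
The accepted answer's point, that the local source address identifies the sending machine, can be applied directly to a saved capture. The following is an added example, not code from the thread, that tallies outbound UDP packets per LAN source IP from a classic pcap file. The RFC 1918 ranges treated as "local", the function names and the sample capture are assumptions constructed for illustration.

```python
import ipaddress
import struct
from collections import Counter

# RFC 1918 ranges treated as "local"; adjust to the LAN actually in use (assumption).
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_local(addr):
    return any(addr in net for net in LOCAL_NETS)

def outbound_udp_talkers(pcap):
    """Count UDP packets leaving the LAN, per local source IP, in a classic pcap (Ethernet)."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None or struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    counts, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # Need Ethernet (14) + minimal IPv4 header (20); skip non-IPv4 and non-UDP frames.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue
        src = ipaddress.ip_address(frame[26:30])
        dst = ipaddress.ip_address(frame[30:34])
        if is_local(src) and not is_local(dst):
            counts[str(src)] += 1
    return counts

def sample_capture():
    """Constructed capture: two LAN hosts sending UDP out, plus two inbound replies."""
    def frame(src, dst):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                         ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
        udp = struct.pack("!HHHH", 40000, 53, 8, 0)
        return b"\x00" * 12 + b"\x08\x00" + ip + udp
    flows = ([("192.168.1.23", "203.0.113.9")] * 5 + [("192.168.1.40", "203.0.113.9")]
             + [("203.0.113.9", "192.168.1.23")] * 2)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # pcap global header
    for src, dst in flows:
        f = frame(src, dst)
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f  # per-packet record header
    return out

if __name__ == "__main__":
    for ip, n in outbound_udp_talkers(sample_capture()).most_common():
        print(f"{ip}\t{n} outbound UDP packets")
```

Save the Wireshark capture in pcap (not pcapng) format and pass the file's bytes to `outbound_udp_talkers`. Checksum validity is deliberately ignored, since outbound checksum errors seen on the capturing machine itself are commonly an artifact of NIC checksum offload.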
