Solved

Strange Looking Packet Capture

Posted on 2014-01-22
3
269 Views
Last Modified: 2014-03-20
Below are screenshots from a packet capture from Wire Shark.  We have two managed switches that are currently set to shutdown any suspected port of a DOS attack.  We have witnessed the switch shutting down the WAN port numerous times.  If we disable the DOS port check in the switches than eventually our ISP will shutdown our internet service.  

We began by blaming malware for this and have done numerous scans of every desktop with multiple products and have found no infections.

The UDP packets that are outbound have check sum errors and the Inbound UDP packets are fine.

Any ideas?
DesktopL.png
DesktopB.png
0
Comment
Question by:MPATechTeam
3 Comments
 
LVL 83

Accepted Solution

by:
Dave Baldwin earned 250 total points
ID: 39801971
Doesn't the local IP address tell you which machine they are coming from?  Have you tried TCPView http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx and/or Process Explorer http://technet.microsoft.com/en-us/sysinternals/bb896653 to identify the program that is doing this?

It is the goal of the malware and virus writers to create a program that is not identified as a virus or malware.  Anti-virus and anti-malware authors are always playing catch-up to identify and eliminate the new programs.
0
 
LVL 16

Assisted Solution

by:gurutc
gurutc earned 250 total points
ID: 39803146
Also, if you don't have too many local PCs you can try shutting them down one at a time to see if that stops the flood.

- gurutc
0
 

Author Closing Comment

by:MPATechTeam
ID: 39942686
These were helpful in tracking down the trouble.
0

Featured Post

ScreenConnect 6.0 Free Trial

Check out the updates in one game-changing release, ScreenConnect 6.0, based on partner feedback. New features include a redesigned UI that improves session organization and overall user experience. See the enhancements for yourself!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
A virus remnants 4 73
Ransomware infection file server shares... 6 82
Anti exploit excel 3 160
PUP or Virus 6 77
Most PC repair technicians (if not all) always start their cleanup process by emptying the temp folders before running any removal tools. It makes sense because temp folders are common places for malware installers to lurk and removing all the junk …
Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question