?
Solved

DDOS attack

Posted on 2014-03-04
4
Medium Priority
?
69 Views
Last Modified: 2016-01-02
Hi all

The internet connectivity on my network has recently been disrupted by a DDOS attack.  My firewall logs UDP floods coming to our IP address that faces the world when we are on the net.  This then causes our internet to fail completely.  I work at a school where a lot of the students have their own devices.  Im pretty sure that the attack is being initiated from within our network maybe using a program or proxy of some sort that comes back and floods that IP from a number of different IPs.

What I want is to monitor is the network programs that are being run on devices connected to our network.  I was thinking that I could use wireshark on the network to capture all of the traffic during an attack.  What I dont know is what kinds of traffic to filter for withing wireshark.  We have spanning tree enabled on the network devices so wireshark should work just fine.

Any suggestions would be appreciated
0
Comment
Question by:gilmanschool
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 25

Accepted Solution

by:
Ken Boone earned 800 total points
ID: 39904313
If you are experiencing a DDOS attack coming from the outside then you might be able to figure it out.  Wireshark is going to give you so much data and its not the best at collaborating the data for this.   If you have netflow on your internet router or firewall you can pull down a program like scrutinizer and it will show you graphically who is attacking and on what ports.  You can then call your isp and see if they can filter this out on their end to free up your circuit.
0
 
LVL 25

Assisted Solution

by:madunix
madunix earned 800 total points
ID: 40072938
Check http://hakin9.org/is-ddos-still-a-threat/
I think it's wise to look at dedicated appliances such as cisco fortinet or juniper which are made to detect and defend. Try with http://www.fortinet.com/products/fortiddos/index.html
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: Justin
In light of the WannaCry ransomware attack that affected millions of Windows machines, you might wonder if your Mac needs protecting. Yes, it does and here is how to do it.
Check out the latest tech news, community articles, and expert highlights in August's newsletter.
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question