On Monday our network was severely degraded. The inside of our firewall was getting hammered by thousands of UDP packets (port number 445) with a source and destination address of 127.0.0.1.
We isolated the router that was forwarding the packets and rebooted it. Unfortunately we did not have enough time to deploy to the remote site and put a sniffer on the network to help us further isolate the originating device. Upon doing so the traffic stopped. However, I?m skeptical that this actually fixed the problem. I suspect that it?s a virus and will return and start flooding my network again. I?m also at a loss as to why the router was even forwarding traffic to the gateway router and eventually on to the firewall as the 127.0.0.1 should never by propagated.
Has anyone ever seen this problem or know what might have caused it. Unfortunately our local Cisco engineer was also at a loss.