
packet attack on network. Need recommendation

existhosting
Level 1

Hello,

1) Yesterday night, I got a lot of packet loss on my network. It turns out that I usually run at 20,000 packets per second and it spiked up to 70,000 packets per second. I have a Cisco 3550 SMI 48-port with 2 GIG ports.

Now on my provider GIG port (on my switch) it said something like 647 million packets ignored; this is why we got all these packet losses. It seems like everything has stabilized, but I really need to know what caused that and HOW to prevent it in the future, maybe packet sniffing etc...

2) Also, after that attack, my CPU usage on the switch, instead of going back to its normal 2-3 percent usage, stays up at 17 percent. How do I fix that?

Can someone PLEASE help and recommend things to do for both number 1 & 2?

Thanks


andrew100
Level 1

Hi,

Have you tried enabling NetFlow on the switch? On the switchport in question, enable 'ip route-cache flow'. Then a 'show ip cache flow' will list the source and destination flows between hosts on the network. On the right will be a list of port numbers that are used in the flow, in hex. Convert this to decimal (Windows Calculator) to determine the port and check if this is a port used by a virus. If the same source address appears hundreds of times, that can point towards a virus on that host.

I hope this helps :-)

Andy
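
Added example, not part of the reply above: a Python sketch that automates the manual steps Andy describes, converting the hex protocol and port columns of saved `show ip cache flow` output to decimal and counting flows per source address. The sample rows are constructed, and the column layout (SrcIf, SrcIPaddress, DstIf, DstIPaddress, Pr, SrcP, DstP, Pkts) and the `min_flows` threshold are assumptions to adjust against your own output.

```python
import re
from collections import Counter

# Constructed sample in the assumed column layout of 'show ip cache flow'
# flow records; addresses are private/documentation ranges, not data from
# the thread. Pr, SrcP and DstP are hexadecimal.
SAMPLE = """\
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Fa0/7         10.0.0.23       Gi0/1         192.0.2.14      06 0C21 01BD     1
Fa0/7         10.0.0.23       Gi0/1         192.0.2.15      06 0C22 01BD     1
Fa0/7         10.0.0.23       Gi0/1         192.0.2.16      06 0C23 01BD     1
Fa0/12        10.0.0.40       Gi0/1         198.51.100.9    06 04D2 0050    18
Gi0/1         198.51.100.9    Fa0/12        10.0.0.40       06 0050 04D2    22
Fa0/3         10.0.0.8        Gi0/1         203.0.113.5     11 D431 0035     2
"""

FLOW_RE = re.compile(
    r"^(\S+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s+(\d+\.\d+\.\d+\.\d+)\s+"
    r"([0-9A-Fa-f]{2})\s+([0-9A-Fa-f]{4})\s+([0-9A-Fa-f]{4})\s+(\d+)$"
)

def parse_flows(text):
    """Return flow dicts with protocol and ports converted from hex to decimal."""
    flows = []
    for line in text.splitlines():
        m = FLOW_RE.match(line.strip())
        if not m:  # skips the header, blank lines and summary statistics
            continue
        flows.append({"src": m[2], "dst": m[4], "proto": int(m[5], 16),
                      "sport": int(m[6], 16), "dport": int(m[7], 16), "pkts": int(m[8])})
    return flows

def top_talkers(flows, min_flows=3):
    """List (source, flow count, most common dst port, distinct dst hosts)."""
    per_src = Counter(f["src"] for f in flows)
    report = []
    for src, n in per_src.most_common():
        if n < min_flows:
            break  # most_common() is sorted, so nothing further qualifies
        mine = [f for f in flows if f["src"] == src]
        ports = Counter(f["dport"] for f in mine)
        report.append((src, n, ports.most_common(1)[0][0], len({f["dst"] for f in mine})))
    return report

if __name__ == "__main__":
    for src, n, port, dsts in top_talkers(parse_flows(SAMPLE)):
        print(f"{src}: {n} flows to {dsts} hosts, most common dst port {port}")
```

A source with many short flows to many different destinations on one port is the pattern the reply says to look for; on a live capture, raise `min_flows` to match the "hundreds of times" scale.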
