on 06-07-2023 01:46 AM
Hi all!
We have a LAN network with a CORE 3850 layer 3 switch and several 2960X layer 2 switches.
We have received a notice from a security agency indicating that a device on our network is making massive requests against a specific IP. The only thing they provide us is the public IP of our WAN router.
How can we determine, at the LAN level, which machine is the originator of these requests? Is there some kind of 'debug' for IP traffic where a destination IP can be indicated?
Thanks for your help.
on 06-07-2023 03:02 AM
Meaning one PC in your network has a virus and is sending DDoS to the ISP?
on 06-07-2023 03:10 AM
Exactly!
How (for example through a 'debug' that shows the destination IP of the requests) could I locate the MAC address of that device?
Thank you very much
on 06-07-2023 03:22 AM
show interfaces | include line | input <<- in each SW, do this three or four times
Check the input traffic for each port to see which one is increasing rapidly, then shut the port and check the DDoS with the ISP.
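The comparison described in the reply above can be scripted. This is an added example, not part of the original thread: it takes two saved captures of `show interfaces | include line | input` from one switch and ranks ports by how much their input counters grew. The function names and the sample counters are assumptions constructed for illustration.

```python
import re

IFACE_RE = re.compile(r"^(\S+) is .*line protocol is")
INPUT_RE = re.compile(r"^\s*(\d+) packets input, (\d+) bytes")

def parse_input_counters(text):
    """Map interface -> (packets_in, bytes_in) from the filtered output."""
    counters, current = {}, None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = INPUT_RE.match(line)
        if m and current:
            counters[current] = (int(m.group(1)), int(m.group(2)))
    return counters

def rank_by_input_growth(before, after):
    """List (interface, packet_delta, byte_delta), fastest-growing first."""
    old, new = parse_input_counters(before), parse_input_counters(after)
    deltas = []
    for name, (pkts, byts) in new.items():
        if name not in old:
            continue
        dp, db = pkts - old[name][0], byts - old[name][1]
        if dp < 0 or db < 0:  # counters cleared or wrapped between snapshots
            continue
        deltas.append((name, dp, db))
    return sorted(deltas, key=lambda d: d[1], reverse=True)

# Constructed, abbreviated sample in the shape of IOS output, not from a real switch.
def sample_snapshot(rows):
    return "".join(
        f"{name} is up, line protocol is up (connected)\n"
        f"     {pkts} packets input, {byts} bytes, 0 no buffer\n"
        f"     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored\n"
        for name, pkts, byts in rows)

SNAP_1 = sample_snapshot([("GigabitEthernet1/0/1", 1500000, 210000000),
                          ("GigabitEthernet1/0/2", 90000000, 7200000000),
                          ("GigabitEthernet1/0/3", 42000, 5100000)])
SNAP_2 = sample_snapshot([("GigabitEthernet1/0/1", 1500900, 210120000),
                          ("GigabitEthernet1/0/2", 94200000, 7536000000),
                          ("GigabitEthernet1/0/3", 42010, 5101300)])

if __name__ == "__main__":
    for name, dp, db in rank_by_input_growth(SNAP_1, SNAP_2):
        print(f"{name:24} +{dp} packets  +{db} bytes")
```

A port that leads to another switch will also rank high, in which case the same comparison is repeated on that downstream switch.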