anyone ever get thier network attacked where it causes short bursts of loss of service? like for example every month for the last 4 months around this time of the month we get “attacked” for a few days. If i ping my access points they usually return a ping of 5-10ms, during an attack i will ping 5-10 ms for about 3 minutes then drop packets and run at about 17% packet loss on all sites…i installed a program called commview which allows you view packets on your network and i will recieve millions of packets in seconds from a 0.0.0.0 address to 3 of my customers IP addresses…If i remove those 3 IP’s that are getting the attack 3 more random IP’s will start recieving millions of packets from 0.0.0.0
Then i also have about 100 of my IP’s sending small packets to 0.0.0.0
Has anyone ever seen or heard anything about this?
im about to go nuts any info would be awesome
Since it’s in groups of three at the same time of the month I suspect it’s not a hacker. I am guessing that a machine on your network is infected and/or hijacked without the owner’s knowlege.
Is this DOS a ping attack, or a specific port spewing? I think you can look at this with MRTG, or perhaps another tool like it where you can monitor the traffic on your network by port. If a machine is port-scanning or spewing, you should be able to hunt it down.
Once you find it, then you can alert the customer, and/or shut down ports on the radio, or if they won’t get it fixed turn off their ethernet port on the radio until they do. This should be written into your service agreement.
Jerry Richardson
airCloud communications