Howdy,
I am not sure if this is the proper place, if not I’ve noticed you guys
know what to do so I’ll put the fire retardant suit on now. Recently due
to growth we have seen an influx of “different” and “interesting”
types of characters ending up on our network. They like to do all sorts of
things, port scan /8s spam, setup botnets with the controllers hosted on my
network.. etc. I’m wondering what is the best way to detect people doing
these things on my end. I realize there are methods to protect myself from
people attacking from the outside but I’m not real sure how to pinpoint
who is really being loud on the inside.
I did have one somewhat silly
question.. if you look at the statistics of a Fast Ethernet port, and it is
doing both 2000 pps out, and 2000 pps in (pretty much equal in/out) but hardly
any bandwidth at all can anyone think of a single application that would mimic
that behavior?
Sorry if this is elementary network school knowledge.
-Drew