Computer networks
Egor, 2016-11-22 12:26:31

How to catch the source of hundreds of thousands of outgoing connections directed to the gateway and to external Internet addresses?

Hello, I'm asking for advice. There is one computer on the network that periodically, with explosive force, begins to generate outgoing UDP sessions to the gateway and to the addresses of search engines, providers, and hosters. The last time, syslog counted about 800,000 sessions in 4 minutes.
The person is an SEO specialist; he used all sorts of tools like SEO Smart Tools and others. Everything was removed, and all plug-ins in the browser were turned off.
The computer is running KIS 2016; we checked it with AVZ, GMER, Kaspersky Rescue Disk, and Kaspersky Removal Tool.
Only Net-Worm.Win32.Kido was found, but it does not fit our situation.
The most interesting thing is that he was given another computer, and as soon as Mozilla was opened, the sessions immediately started pouring out.
Vivaldi was installed for him; there was silence for several days, but then everything came back, although it does not happen as often.
Where else should we dig?)


2 answer(s)
Cool Admin, 2016-11-22
@ifaustrue

Look for another culprit. It looks like you are looking in the wrong place.
UDP is easy to forge and send with a broken or foreign src-ip.
You need to search by MAC, network segments, ports on switches, and the load on the network cards of the original PCs.

Egor, 2016-11-22
@y0hm

We have MAC binding set up; everything that is not on the list can't send anything anywhere, in theory. Or is that also easy to get around?
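
Added example, not part of the original thread: one way to do the per-MAC, per-switch-port attribution suggested in the answer, so that the session count no longer depends on the source IP alone. The log format, field names and sample records are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed records in a hypothetical key=value format (not from the thread).
# smac/port must be recorded on the same L2 segment as the sender, e.g. at the
# access switch; past a router the source MAC is only the previous hop.
SAMPLE = """\
12:20:01 proto=UDP src=192.168.1.50 smac=00:00:5e:00:53:01 port=Gi0/5 dst=203.0.113.10:53
12:20:01 proto=UDP src=192.168.1.50 smac=00:00:5e:00:53:02 port=Gi0/9 dst=203.0.113.11:53
12:20:01 proto=UDP src=192.168.1.50 smac=00:00:5e:00:53:02 port=Gi0/9 dst=198.51.100.7:80
12:20:02 proto=UDP src=192.168.1.50 smac=00:00:5e:00:53:02 port=Gi0/9 dst=192.168.1.1:53
12:20:02 proto=UDP src=192.168.1.77 smac=00:00:5e:00:53:02 port=Gi0/9 dst=198.51.100.7:123
12:20:02 proto=TCP src=192.168.1.50 smac=00:00:5e:00:53:01 port=Gi0/5 dst=198.51.100.7:443
this line is malformed and must be skipped
"""

RECORD = re.compile(
    r"proto=(?P<proto>\S+) src=(?P<src>\S+) smac=(?P<smac>\S+) "
    r"port=(?P<port>\S+) dst=(?P<dst>\S+)"
)

def attribute(log_text, proto="UDP"):
    """Count sessions per (source MAC, switch port); collect MACs seen per source IP."""
    per_origin = Counter()
    macs_by_ip = defaultdict(set)
    for line in log_text.splitlines():
        m = RECORD.search(line)
        if m is None or m["proto"] != proto:
            continue  # skip malformed lines and other protocols
        per_origin[(m["smac"].lower(), m["port"])] += 1
        macs_by_ip[m["src"]].add(m["smac"].lower())
    return per_origin, macs_by_ip

def conflicting_ips(macs_by_ip):
    """Source IPs sent from more than one MAC: the IP alone does not identify the PC."""
    return {ip: sorted(macs) for ip, macs in macs_by_ip.items() if len(macs) > 1}

def busiest_origin(per_origin):
    """The (MAC, port) pair with the most sessions, or None for empty input."""
    return per_origin.most_common(1)[0] if per_origin else None

if __name__ == "__main__":
    origins, by_ip = attribute(SAMPLE)
    print("busiest origin:", busiest_origin(origins))
    for ip, macs in conflicting_ips(by_ip).items():
        print(f"{ip} seen from several MACs: {macs}")
```

In the constructed sample, most sessions logged under the suspected PC's IP come from a different MAC on a different switch port, which is the case the answer says to rule out before blaming that PC.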
