How to monitor and detect suspicious traffic?
The office has about 80 computers; the departments are split into VLANs. Most computers run Windows 10, but there are also old laptops with Windows 7. A normal antivirus is rare. This week the ISP blocked our office IP twice because of suspicious traffic.
After talking with their support, they told me which ports were active. I started sniffing the network with tcpdump, and indeed I found an infected laptop that constantly sends requests to the Internet on ports 22, 8728 and 8291 to different IPs.
The whole office reaches the Internet through a gateway, a regular server running FreeBSD 11.4; on FreeBSD the firewall is Packet Filter (PF).
Tell me, how can you monitor and detect such traffic? And how do you keep track of it?
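The pattern described in the question (one LAN host opening connections to many different Internet addresses on 22, 8728 and 8291, which are the SSH, MikroTik RouterOS API and Winbox ports) is a scan, and a scan stands out as one source contacting many distinct destinations on a small set of ports. The script below is an added example, not code from the original post: it reads `tcpdump -n` output captured on the gateway's LAN interface, counts distinct external destinations per internal source on those three ports, and prints the sources above a threshold. It assumes a LAN prefix of `10.` and the standard `tcpdump -n` line layout (`HH:MM:SS.usec IP src.port > dst.port: Flags [S], ...`); the capture lines embedded in it are constructed sample data, not a real capture.

```shell
#!/bin/sh
# Added example (not from the original post): flag LAN hosts that send TCP SYNs
# to many distinct Internet addresses on ports 22, 8728 and 8291.
#
# Assumptions (not stated in the question):
#   - the LAN uses the 10.0.0.0/8 range, so anything not starting with "10." is "Internet"
#   - input is the text output of, on the gateway's LAN interface,
#       tcpdump -n -i <lan_if> 'tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn and (dst port 22 or dst port 8728 or dst port 8291)'

# Constructed sample of tcpdump -n output (SYN packets only). Not real capture data.
# 10.0.5.17 hits five different external hosts; 10.0.3.40 retries one host; 10.0.3.41 talks only internally.
SAMPLE='12:00:01.000001 IP 10.0.5.17.51001 > 203.0.113.10.8291: Flags [S], seq 1, win 64240, length 0
12:00:01.000201 IP 10.0.5.17.51002 > 203.0.113.11.8291: Flags [S], seq 1, win 64240, length 0
12:00:01.000401 IP 10.0.5.17.51003 > 203.0.113.12.8728: Flags [S], seq 1, win 64240, length 0
12:00:01.000601 IP 10.0.5.17.51004 > 203.0.113.13.22: Flags [S], seq 1, win 64240, length 0
12:00:01.000801 IP 10.0.5.17.51005 > 203.0.113.14.8291: Flags [S], seq 1, win 64240, length 0
12:00:02.000001 IP 10.0.3.40.44001 > 198.51.100.7.22: Flags [S], seq 1, win 64240, length 0
12:00:02.000101 IP 10.0.3.40.44002 > 198.51.100.7.22: Flags [S], seq 1, win 64240, length 0
12:00:03.000001 IP 10.0.3.41.44003 > 10.0.0.1.22: Flags [S], seq 1, win 64240, length 0'

# detect_scanners THRESHOLD  < tcpdump-output
# Prints one line per offending LAN source:  SRC_IP DISTINCT_EXTERNAL_DESTS PORTS_USED
# A source is reported when it sent SYNs to at least THRESHOLD distinct external hosts
# on the watched ports. Output is sorted so it is stable for tests and diffs.
detect_scanners() {
    threshold="${1:-3}"
    awk -v thr="$threshold" '
        # Only SYN lines of the form: <ts> IP <src>.<sport> > <dst>.<dport>: Flags [S], ...
        $2 == "IP" && $4 == ">" && $6 == "Flags" && $7 == "[S]," {
            src = $3; dst = $5
            sub(/:$/, "", dst)                       # strip trailing ":" from "a.b.c.d.port:"
            split(src, s, "."); srcip = s[1] "." s[2] "." s[3] "." s[4]
            split(dst, d, "."); dstip = d[1] "." d[2] "." d[3] "." d[4]; dport = d[5]
            # keep only LAN -> Internet (assumed LAN prefix 10.)
            if (srcip !~ /^10\./ || dstip ~ /^10\./) next
            if (dport != "22" && dport != "8728" && dport != "8291") next
            # count each (source, destination) pair once, regardless of retries
            if (!((srcip, dstip) in seen)) { seen[srcip, dstip] = 1; dests[srcip]++ }
            ports[srcip, dport] = 1
        }
        END {
            nw = split("22 8728 8291", wanted, " ")
            for (ip in dests) {
                if (dests[ip] < thr) continue
                plist = ""
                for (i = 1; i <= nw; i++)
                    if ((ip, wanted[i]) in ports)
                        plist = plist (plist == "" ? "" : ",") wanted[i]
                print ip, dests[ip], plist
            }
        }' | sort
}

# Run against the constructed sample; on the gateway you would pipe live tcpdump output instead.
printf '%s\n' "$SAMPLE" | detect_scanners 3
```

On the FreeBSD gateway itself the same thing can be watched without a separate capture: add `log` to the PF rules that match this traffic (for example `block log quick proto tcp from 10.0.0.0/8 to any port { 22 8728 8291 }` in `pf.conf`, which also stops the scan leaving the office) and read the matches with `tcpdump -n -e -ttt -i pflog0`; a host the script flags can be cut off immediately with a table (`table <infected> persist` plus `block log quick from <infected>` in `pf.conf`, then `pfctl -t infected -T add 10.0.5.17`). Whether to block 22 outright depends on whether the office legitimately needs outbound SSH; if it does, log only and rely on the distinct-destination count.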