Hey all,
I am in a quandary. I use MRTG to monitor bandwidth usage. Last night there was a large spike of traffic that I am able to map through the network. What I don't know how to do is to find out who or how that happened.
Recommend things I can use in the future to do this, but right now I of course only have the tools that are already in use. Where should I start to find out what did this?
Attacker shows no scans, no one was in the building, we know it couldn't have been a customer because it didn't use the right interface for that, and it seems to have originated at a router but NOT at either of the subnets off that router.
Thanks,
Diana