Detecting Smurf Attacks on Your Network

security, sonicwall, troubleshooting

I have been having network issues. The users report problems with the internet to me, but actually the problem is on my network. I have a SonicWall firewall and the device logs indicate possible TCP attacks like TCP flood, TCP SYN and others. I have many APs and the users (teachers and students) use their own devices, so I don't have control, like a good antivirus, on those PCs because I work for a college.

[image: firewall log]

The second image with the ping output is the result of pinging my LAN interface. When the problem happens on my network I have seen that the times are very high; sometimes there is a lot of packet loss, and in this case the time is like a loop. For example, it starts at 200 ms and decreases, but then the time becomes high again. The time should be just 2 ms because it is between two devices in my LAN network, my PC and the LAN interface on the firewall.

I have been reading about attacks. Smurf attack symptoms in certain aspects match the problems in my network. Also, some people have told me it could be a broadcast storm, and this generates a lot of traffic and causes saturation.

I'll be grateful for your opinion

[image: ping output]

Best Answer

I agree with Ricky Beam. You'll have to get a packet capture of the Firewall to see if you are receiving responses for a spoofed broadcast request not made by the SonicWall. Only then would we see if a Smurf / Fraggle attack is happening.

I would check performance statistics and logs on the APs (wireless) and the SonicWall Firewall. I'd get SNMP set up to look at bandwidth utilization. Start ruling things out.

  1. What does your bandwidth utilization look like on the SonicWall when users report the time they experienced this issue? What's the SonicWall's bandwidth capability? Does the utilization supersede the capability?
  2. If you suspect a Smurf/Fraggle DDoS attack, configure the SonicWall to not respond to ICMP requests or broadcasts. Look in logs and packet captures to find the bogus broadcast replies.
  3. Configure SonicWall to not forward packets directed to broadcast addresses.
  4. SNMP of SonicWall, look at CPU/RAM utilization. When it is high, is traffic being dropped?
  5. Set up Splunk free version to start capturing logs and have a look at what is happening.
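To make step 2 concrete ("look in logs and packet captures to find the bogus broadcast replies"), here is an added example, not from the original answer or from SonicWall, of the two checks a capture review would run: requests aimed at the LAN broadcast address (ICMP echo for Smurf, UDP echo/chargen for Fraggle), and a burst of echo replies from many distinct hosts converging on one destination, which is what an amplified reflection looks like from the victim's side. The subnet `192.168.10.0/24`, the record layout, and all packet records are constructed assumptions; in practice they would come from a parsed `tcpdump`/`tshark` export.

```python
"""Flag Smurf/Fraggle-style traffic in a list of parsed packet records.

Added example (not from the original post). Assumes records have already been
extracted from a capture into dicts; the LAN prefix and sample packets below
are constructed placeholders, not real data from the poster's network.
"""
from collections import defaultdict
import ipaddress

# Assumed LAN prefix (placeholder; the post does not give the real subnet).
LAN = ipaddress.ip_network("192.168.10.0/24")
# UDP services classically abused for Fraggle reflection: echo (7) and chargen (19).
FRAGGLE_PORTS = {7, 19}

# Constructed sample records in the shape a tshark/tcpdump parser might emit.
# The first record is an echo request to the directed-broadcast address; in a
# Smurf the "src" here is the spoofed victim, not the real sender.
SAMPLE_PACKETS = [
    {"ts": 0.00, "src": "192.168.10.50", "dst": "192.168.10.255", "proto": "icmp", "kind": "echo-request"},
    {"ts": 0.01, "src": "192.168.10.11", "dst": "192.168.10.50", "proto": "icmp", "kind": "echo-reply"},
    {"ts": 0.02, "src": "192.168.10.12", "dst": "192.168.10.50", "proto": "icmp", "kind": "echo-reply"},
    {"ts": 0.03, "src": "192.168.10.13", "dst": "192.168.10.50", "proto": "icmp", "kind": "echo-reply"},
    {"ts": 0.04, "src": "192.168.10.14", "dst": "192.168.10.50", "proto": "icmp", "kind": "echo-reply"},
    {"ts": 0.05, "src": "192.168.10.15", "dst": "192.168.10.50", "proto": "icmp", "kind": "echo-reply"},
    {"ts": 0.06, "src": "192.168.10.16", "dst": "192.168.10.50", "proto": "icmp", "kind": "echo-reply"},
    # A normal unicast ping and its single reply: must not be flagged.
    {"ts": 0.10, "src": "192.168.10.20", "dst": "8.8.8.8", "proto": "icmp", "kind": "echo-request"},
    {"ts": 0.12, "src": "8.8.8.8", "dst": "192.168.10.20", "proto": "icmp", "kind": "echo-reply"},
    # UDP chargen to the broadcast address: Fraggle-style probe.
    {"ts": 0.20, "src": "192.168.10.50", "dst": "192.168.10.255", "proto": "udp", "dport": 19},
]


def is_broadcast(dst: str, net: ipaddress.IPv4Network) -> bool:
    """True for the subnet's directed-broadcast address or the limited broadcast."""
    return ipaddress.ip_address(dst) == net.broadcast_address or dst == "255.255.255.255"


def find_broadcast_probes(packets, net=LAN):
    """Requests aimed at a broadcast address: ICMP echo (Smurf) or UDP echo/chargen (Fraggle)."""
    hits = []
    for p in packets:
        if not is_broadcast(p["dst"], net):
            continue
        if p["proto"] == "icmp" and p.get("kind") == "echo-request":
            hits.append(p)
        elif p["proto"] == "udp" and p.get("dport") in FRAGGLE_PORTS:
            hits.append(p)
    return hits


def find_amplified_replies(packets, window_s=1.0, min_sources=5):
    """Map destination -> max number of distinct hosts that sent it echo replies
    within any window_s-second window. A host that never asked for replies yet
    receives them from many LAN peers at once is the Smurf victim."""
    by_dst = defaultdict(list)
    for p in packets:
        if p["proto"] == "icmp" and p.get("kind") == "echo-reply":
            by_dst[p["dst"]].append((p["ts"], p["src"]))
    victims = {}
    for dst, events in by_dst.items():
        events.sort()
        left = 0
        for right, (ts, _) in enumerate(events):
            # Slide the left edge so the window never spans more than window_s.
            while ts - events[left][0] > window_s:
                left += 1
            distinct = {src for _, src in events[left:right + 1]}
            if len(distinct) >= min_sources:
                victims[dst] = max(victims.get(dst, 0), len(distinct))
    return victims


def report(packets):
    """Human-readable findings, one line per broadcast probe or suspected victim."""
    lines = [f"broadcast probe: {p['src']} -> {p['dst']} ({p['proto']})"
             for p in find_broadcast_probes(packets)]
    lines += [f"possible victim: {dst} received echo replies from {n} hosts"
              for dst, n in find_amplified_replies(packets).items()]
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_PACKETS):
        print(line)
```

On a real capture the broadcast-probe check is the decisive one: the SonicWall and APs should never see echo requests or UDP echo/chargen aimed at the directed-broadcast address, so even one hit is worth chasing back to the switch port it arrived on. The reply-burst check is noisier (a legitimate subnet-wide ping sweep from a monitoring box produces the same pattern), so treat its threshold as a tuning knob rather than a verdict.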