I noticed an unusual spike in TCP and UDP flows from a single internal source to multiple destinations. What steps you would take to determine the type of traffic that this represents?
To address a spike in TCP and UDP flows, run a packet sniffer such as
or CommView on a hub connected to the target device. Both these programs give you the opportunity to filter traffic during capture and post-capture to determine what is going on. Filters can be set for individual ports or protocols, as well as source and destination IP addresses. You can also rebuild sessions using either of these tools. If the device is non-critical, you may wish to isolate it first, in case it has been infected with malware.
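The filter-and-summarize triage described above, reduced to a small script, as an added example that is not part of the original answer: it takes flow records for the suspect source (constructed sample data; the host addresses, ports and thresholds are assumptions), counts distinct destinations and flows per protocol/port, and labels the pattern as fan-out dominated by one service or as mixed traffic.

```python
from collections import Counter, defaultdict

# Constructed sample flow records (source, destination, protocol, destination
# port, bytes); not taken from the original answer. 10.0.0.25 is the internal
# host whose flows spiked, fanning out to several destinations over TCP and UDP.
SAMPLE_FLOWS = [
    ("10.0.0.25", "10.0.0.7",     "tcp", 445, 12000),
    ("10.0.0.25", "10.0.0.8",     "tcp", 445, 11800),
    ("10.0.0.25", "10.0.0.9",     "tcp", 445, 11950),
    ("10.0.0.25", "10.0.0.10",    "tcp", 445, 12100),
    ("10.0.0.25", "10.0.0.53",    "udp", 53,  180),
    ("10.0.0.25", "203.0.113.5",  "tcp", 443, 54000),
    ("10.0.0.25", "198.51.100.9", "udp", 123, 90),
    ("10.0.0.40", "203.0.113.5",  "tcp", 443, 80000),
]


def summarize_source(flows, source):
    """Profile one source: distinct destinations plus flow and byte counts per proto/port."""
    destinations = set()
    flows_by_service = Counter()
    bytes_by_service = defaultdict(int)
    for src, dst, proto, dport, nbytes in flows:
        if src != source:
            continue  # the capture filter step: keep only the suspect source
        destinations.add(dst)
        service = f"{proto}/{dport}"
        flows_by_service[service] += 1
        bytes_by_service[service] += nbytes
    return {
        "destinations": len(destinations),
        "flows_by_service": flows_by_service,
        "bytes_by_service": dict(bytes_by_service),
    }


def classify(summary, fanout_threshold=3, share_threshold=0.5):
    """Triage label: 'fan-out' when many destinations share one dominant service."""
    services = summary["flows_by_service"]
    if not services:
        return "no-flows", None
    top_service, top_count = services.most_common(1)[0]
    share = top_count / sum(services.values())
    if summary["destinations"] >= fanout_threshold and share >= share_threshold:
        return "fan-out", top_service  # isolate the host and rebuild these sessions first
    return "mixed", top_service


if __name__ == "__main__":
    profile = summarize_source(SAMPLE_FLOWS, "10.0.0.25")
    print(profile["destinations"], "destinations;", dict(profile["flows_by_service"]))
    print(classify(profile))
```

A fan-out label points at which sessions (here tcp/445) to rebuild in the sniffer first; a mixed label means the per-port breakdown needs a closer look before isolating anything.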