Thursday, January 10, 2019

Issues blocking addresses/locations on PA-220

Hello All,

I'm kinda new to working with Palo Alto equipment and networking isn't really my forte. I had my Net+ in high school but I have a bachelor's in hardware engineering... so please bear with me.

I take care of a bank's IT and I think they're getting hit with a denial of service attack from many different sources. They're sucking GB of data, slowing down the network tremendously. At least from what I can understand by looking at the different network activity. Here is an example of what I'm looking at in the Source Activity. None of those IPs are ones that the bank needs to communicate with.
https://i.gyazo.com/9da564df57103b6cafda56a568d6647c.png

Here is the 7 day. You can see it increase by quite a bit.

https://i.gyazo.com/8d31a0bf1f9a0325f26cf11f3b6896f0.png

I tried setting up block rule(s); according to the guys at Palo they should be set up properly. I had support there verify them. But from waiting overnight it appears that they're still not working. Here is what they look like.

https://i.gyazo.com/369e6d6f6cd47828a34f916043351890.png

I'm honestly at a loss, I don't know what to do at this point.


