
For the last few days I have been receiving reports from my ISP that someone on my network is scanning ports and trying to connect to OpenSSH services around the internet. I assume that nobody is doing it on purpose, and that someone's machine has been infected and is doing it without the owner's knowledge.

I am looking for a method to determine whose computer is scanning the internet from my network. I am using a Cisco RV345 with several Ubiquiti access points. I know that I need to analyze outgoing traffic, but I don't know how to do it without placing a machine between the router and the network, which I can't do right now.

I will be grateful for any suggestions.

Bohdan
  • *"I assume that nobody does it on purpose"* - I wouldn't be surprised at all if somebody did... – HBruijn Jul 18 '19 at 06:45
  • But the typical trick is to enable port mirroring on your router. Port mirroring sends a copy of network packets seen on one port to a network monitoring connection on another port and on that other port you connect a sniffer / IDS / IPS etc. – HBruijn Jul 18 '19 at 06:49
  • It looks like my router supports it, I will check it – Bohdan Jul 18 '19 at 07:02
  • @HBruijn thank you for the help, I found the infected machine – Bohdan Jul 19 '19 at 15:30
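
Once a mirror port delivers a capture, the scanning host can be found by counting how many distinct external addresses each internal machine sends initial SYNs to on port 22. The script below is an added example, not part of the original thread; it assumes `tcpdump -nn` text output captured on the LAN side (before NAT), and the `192.168.1.` prefix, the threshold and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches tcpdump -nn lines for IPv4 TCP packets, e.g.
# 12:00:01.000001 IP 192.168.1.23.51001 > 203.0.113.1.22: Flags [S], seq 1, ...
LINE_RE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def find_ssh_scanners(lines, lan_prefix="192.168.1.", port=22, min_targets=5):
    """Return {internal_ip: distinct_target_count} for hosts that sent initial
    SYNs to `port` on at least `min_targets` different external addresses."""
    targets = defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        # "S" alone is a connection attempt; "S." is a SYN-ACK reply.
        if m["flags"] != "S" or int(m["dport"]) != port:
            continue
        # Only count LAN -> internet traffic (lan_prefix is an assumed subnet).
        if not m["src"].startswith(lan_prefix) or m["dst"].startswith(lan_prefix):
            continue
        targets[m["src"]].add(m["dst"])
    return {ip: len(d) for ip, d in targets.items() if len(d) >= min_targets}

def build_sample():
    """Constructed capture: .23 sweeps port 22, .40 makes one normal SSH login."""
    lines = []
    for i in range(1, 9):
        lines.append(f"12:00:0{i}.000001 IP 192.168.1.23.{51000 + i} > "
                     f"203.0.113.{i}.22: Flags [S], seq 1, win 64240, length 0")
    lines.append("12:00:09.000001 IP 192.168.1.40.40022 > 198.51.100.7.22: "
                 "Flags [S], seq 1, win 64240, length 0")
    lines.append("12:00:09.020001 IP 198.51.100.7.22 > 192.168.1.40.40022: "
                 "Flags [S.], seq 9, ack 2, win 65160, length 0")
    lines.append("12:00:10.000001 IP 192.168.1.40.40500 > 198.51.100.9.443: "
                 "Flags [S], seq 1, win 64240, length 0")
    return lines

if __name__ == "__main__":
    for ip, n in sorted(find_ssh_scanners(build_sample()).items()):
        print(f"{ip} attempted SSH to {n} distinct external hosts")
```

If the mirrored port is the WAN uplink, every packet carries the router's public address after NAT, so the capture has to come from a LAN-side port for the internal source to be visible.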
