Hello everyone, I have a little problem at work that I was wondering if anyone could possibly shed any light on...
We have 4 DCs at our main office (2 are DNS and DHCP Servers) and the other two are just DCs (although all 4 of them do have FSMO roles assigned to them.
We have been having some problems recently where our main switch is getting overloaded by what appears to be some DOS attack. We have some software that can sniff all of the packets on our network and we were able to get a snapshot of what was happening to make the switch 'crash' - Basically, 2 of the DCs (1 of which is a DNS&DHCP server but the other is not) seem to be continously sending arp replies to 1 PC in the office. It is always the same two DCs sending ARP replies to the same PC, although we cannot see any traffic generated by the PC asking for an arp address.
I have done various searches on google etc but cannot find anything that seems to fit into this category so any help or suggestions will be greatly appreciated
Thanks in advance
We have 4 DCs at our main office (2 are DNS and DHCP Servers) and the other two are just DCs (although all 4 of them do have FSMO roles assigned to them.
We have been having some problems recently where our main switch is getting overloaded by what appears to be some DOS attack. We have some software that can sniff all of the packets on our network and we were able to get a snapshot of what was happening to make the switch 'crash' - Basically, 2 of the DCs (1 of which is a DNS&DHCP server but the other is not) seem to be continously sending arp replies to 1 PC in the office. It is always the same two DCs sending ARP replies to the same PC, although we cannot see any traffic generated by the PC asking for an arp address.
I have done various searches on google etc but cannot find anything that seems to fit into this category so any help or suggestions will be greatly appreciated
Thanks in advance