Good morning world. At the beginning of the week I was helping a customer who found he had been attacked by the Downadup/Conficker worm. This worm pounded his network! The customer explained to me that the worm came in with a brute-force attack, which infected the computers that had not been updated. He then saw the traffic on his network almost triple. The Downadup/Conficker worm generated 250 domain names per day, scanned his network, infected his computers, and tried to reach the Internet. Because of the way this customer had set up his network, the worm was not able to pass through his proxy to the Internet.
The customer looked at his Flow Analytics and saw that he was having excessive SYN Violations. SYN Violations indicate a denial-of-service attack. Because the worm could not get through the proxy, its repeated connection attempts created a denial of service. This customer was able to click on the SYN Violations in Flow Analytics, pick out which computers were infected, and patch them.
The customer was able to patch up his servers and his computers in a timely manner with the help of Flow Analytics; traffic has slowed down and his network is back to normal.
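As an added example (not part of the original post or the Flow Analytics product), here is the same idea applied to constructed flow records: count SYN-only flows per source host and flag the hosts that exceed a threshold, which is how the infected machines stood out. The record layout, addresses and threshold are assumptions.

```python
"""Flag hosts emitting excessive SYN-only flows (half-open connections) from flow records."""
from collections import defaultdict

# Constructed sample flow records (not from the original post).
# One flow per line: src_ip dst_ip dst_port tcp_flags packets
# Flags use the usual letters: S = SYN, A = ACK, P = PSH.
SAMPLE_FLOWS = """\
10.0.1.23 10.0.1.5 445 S 1
10.0.1.23 10.0.1.6 445 S 1
10.0.1.23 10.0.1.7 445 S 1
10.0.1.23 10.0.1.8 445 S 1
10.0.1.23 203.0.113.10 80 S 3
10.0.1.23 10.0.2.9 445 S 1
10.0.1.42 10.0.1.5 445 SA 12
10.0.1.42 10.0.1.100 80 SPA 40
10.0.1.77 10.0.1.6 445 S 1
10.0.1.77 10.0.1.5 445 S 1
10.0.1.77 10.0.1.9 445 S 1
10.0.1.77 10.0.1.10 445 S 1
10.0.1.77 10.0.1.11 445 S 1
"""


def parse_flows(text):
    """Parse the whitespace-separated sample format into a list of dicts."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst, port, flags, pkts = line.split()
        flows.append({"src": src, "dst": dst, "port": int(port),
                      "flags": flags, "packets": int(pkts)})
    return flows


def syn_violations(flows, threshold=5):
    """Return {src_ip: (syn_only_flows, distinct_destinations)} for hosts at or over threshold.

    A SYN violation here (assumed definition) is a flow carrying SYN but never ACK,
    i.e. a handshake that never completed; a host with many of them against many
    distinct destinations is scanning or being blocked, as in the post.
    """
    syn_only = defaultdict(int)
    dsts = defaultdict(set)
    for f in flows:
        if "S" in f["flags"] and "A" not in f["flags"]:
            syn_only[f["src"]] += 1
            dsts[f["src"]].add(f["dst"])
    return {h: (n, len(dsts[h])) for h, n in syn_only.items() if n >= threshold}


if __name__ == "__main__":
    for host, (count, targets) in syn_violations(parse_flows(SAMPLE_FLOWS)).items():
        print(f"{host}: {count} SYN-only flows to {targets} destinations")
```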