Guys,
Need an opinion on a way to solve worm outbreak in a Vlan. I am thinking of configuring 'span port' command on a switch and then use sniffer to listen to traffic in a local LAN to identify the problem. I was wondering whether there is any product in the market than I can deploy in my customer LAN to monitor this kind of outbreak. For information, the customer already have Fortigate to protect them from external threat. Which works perfectly at the moment.
The problem is to identify the problem if the network has already been breach due to some of their users notebook which already been infected. One way of doing this, is to let the firewall managed routing between all vlan segments, so that we can detect any anomaly (but the customer isn't very keen on reconfiguring their network). But what if the problem only at layer 2, such as broadcast storm?
Appreciate if anyone can provide their comment or share their experience on this matter.
Rgds,
Sham