We have two clustered ASG 220's with redundant internet connections. Last morning we received some alerts around 2:00 AM about the internet uplink going up and down. I didn't think much of it at the time since our ISP was probably doing maintenance however today on the executive report I noticed a huge spike of inbound bits around this time; way more than I have ever seen before. I can't seem to account for them in the top 10 services category or servers or clients. I checked our web server and it wasn't hit.
Any idea where I can find out if this is an attack of some kind and from what IP address?
This thread was automatically locked due to age.
