Malware and bot detection

Good day.
I am involved with a wireless internet company in South Africa and have huge issues at this stage that I am trying to solve.

We are being attacked with multiple DDOS attacks of huge sizes at random times.

And my upstream provider is telling me the trigger is coming from inside.

I installed a few open-source firewall solutions but can't seem to find the trigger.
I suspect I am not installing the right packages or the configs are not correct on the systems.

If anyone can point me in some direction of where to start and what to install it will be very helpful.

Thank you so much

State the open-source firewalls installed and the packages you installed. The forum will need specific information if it is going to be able to provide any assistance.

I have tried NethServer with IPS based on Suricata.
I have tried pfSense with pfBlocker and Snort, and also tried Suricata.
I enabled the rules in the IPS that have anything to do with malware, bots and viruses. There are a lot of false positive alerts/blocks, but that still has not stopped the attack.

You need to first isolate the source addresses of the attacks coming from inside your network.

100%
And that is what I am trying to find.

Okay…as Tom has said, you are going to have to see what is causing the traffic from inside your network. Tom’s video will show you how to get “eyes on” your traffic. Then you can determine which MAC addresses are associated with the IP addresses that are causing your issues and then you can shut those devices down.
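One way to do the triage described in the replies above (find the internal source addresses behind the outbound traffic, then map them to MACs), as an added example that is not from anyone in this thread. It assumes constructed flow records and a constructed ARP/lease table, and that the customer address space is 10.0.0.0/8; the thresholds are placeholders to tune for a real network.

```python
from collections import defaultdict

# Constructed flow records (the kind a router or firewall flow exporter emits);
# fields: src_ip, dst_ip, dst_port, bytes. Not real customer data.
FLOWS = [
    ("10.0.5.23", "203.0.113.10", 53, 1200),
    ("10.0.5.23", "198.51.100.7", 80, 900),
    ("10.0.7.140", "203.0.113.55", 123, 48000000),
    ("10.0.7.140", "203.0.113.56", 123, 51000000),
    ("10.0.7.140", "203.0.113.57", 123, 47000000),
    ("10.0.9.4", "198.51.100.9", 443, 150000),
]

# Constructed ARP / DHCP lease table mapping IPs to MACs on the access network.
ARP_TABLE = {
    "10.0.5.23": "aa:bb:cc:00:05:23",
    "10.0.7.140": "aa:bb:cc:00:07:8c",
    "10.0.9.4": "aa:bb:cc:00:09:04",
}

INTERNAL_PREFIX = "10."  # assumption: customer space is 10.0.0.0/8


def suspicious_internal_sources(flows, arp, byte_threshold=100_000_000, min_dsts=3):
    """Aggregate outbound bytes and distinct external destinations per internal
    source IP. Return {src_ip: {"mac", "bytes", "destinations"}} for hosts that
    exceed the byte threshold or fan out to at least min_dsts destinations."""
    out_bytes = defaultdict(int)
    dsts = defaultdict(set)
    for src, dst, _port, nbytes in flows:
        # Only count internal -> external flows; internal chatter is ignored.
        if src.startswith(INTERNAL_PREFIX) and not dst.startswith(INTERNAL_PREFIX):
            out_bytes[src] += nbytes
            dsts[src].add(dst)
    flagged = {}
    for src, total in out_bytes.items():
        if total >= byte_threshold or len(dsts[src]) >= min_dsts:
            flagged[src] = {
                "mac": arp.get(src, "unknown"),  # unmapped IP still gets reported
                "bytes": total,
                "destinations": len(dsts[src]),
            }
    return flagged


if __name__ == "__main__":
    for ip, info in suspicious_internal_sources(FLOWS, ARP_TABLE).items():
        print(f"{ip} ({info['mac']}): {info['bytes']} bytes to {info['destinations']} destinations")
```

Feed it the flow export from the firewall and the ARP/lease table from the access layer; the flagged MACs are the devices to pull off the network while the upstream investigation continues.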

Thanks. I have implemented this. Can't see anything going out triggering a DDoS attack.
But still getting attacked with 25 Gbps attacks daily.
Public IP has been blackholed 3 times already.

Busy now with upstream provider to tell me what is going on.

Wow…good luck, brickrat!