(After receiving a customer's help, I recently made an online "outcall". This is a network failure caused by the ddos ??attack of the puppet host. The case is relatively typical, and the troubleshooting process is also quite curved. The author will restore its process and share it with you. ) 1. Network environment The client is a chemical company, and the network design is not large. A local area network consisting of more than ten switches has about 150 nodes. There is no distinction between VLANs, - some hosts run the IPX protocol, and the other run the TCP/IP protocol. During this period, only a small number of hosts can access the Internet, and the access mode is that the ADSL router directly connects to a switch in the network. The ADSL router has enabled its own firewall function, and all hosts that can access the Internet have installed anti-virus software. 2. Fault description One day recently, the entire network was suddenly paralyzed. It can be seen that the indicator lights of all switch ports are flashing rapidly. The test shows that any two hosts in the network cannot ping each other, and all network use cannot be performed normally. After unplugging part of the network cable (level connection between switches), the performance slowed down and finally returned to normal. Insert the unplugged network cables back to their original positions one by one, and the fault situation does not reappear. Since then, this scene has appeared irregularly and irregularly.)