I got this problem: whenever I plug a Linux-server into the intranet, the whole network slows down and then die. Every ping/ssh connection between the intranet yields time out. I unplugged it, then everything came back to normal. Searching around suggested me (note, this is my assumption, I can be wrong) it might be an internal SYN flood attack, somehow a malware got into the culprit machine and did a SYN flood attack to the router.
I can log in to the suspected machine, via direct GUI. What Linux command I should start to inspect?
Thanks