Recommendation to counter dos attack
We suspect that the attacker gained access to the network from an internal computer, most likely from a student PC in one of the labs. The attacker then initiate a control attack by activating the BOT's in order to form a BotNet with the goal of intentionally causing online services to become unusable to students.