
04.06.2008 at 05:38PM PDT, ID: 23300209

Help in Diagnosis of a Network Traffic Problem affecting core services

Asked by subz0r69z0r in Network Management, Linux Networking, Network Software Firewalls

Tags: IPCOP, 1.4.18, Network Traffic Problem

Hello,

We have an IPCOP box with two Zones, GREEN and RED. The RED interface has a Public IP address and connects directly to a router and out to the Internet. The GREEN interface connects back in to the Local Network. RED IF has port forwarding rules to facilitate core services in the LAN such as Email, VPN, Mobility etc. The GREEN zone has unrestricted access out to the RED zone. Please see attached code snippet for an (albeit poor) attempt to draw the network.

The problem we are getting is the pipe out to the Internet is getting flooded with traffic at very regular intervals. When such a surge in traffic occurs, external response times to 203.42.x.x sit between 2500-3500ms or simply time out. Of course, due to this our core services (VPN, EMAIL) stop working.

Please view attached pictures for the traffic graphs in IPCOP.

GREEN

Traffic is spiking roughly every 2 hours lasting for about an hour. The traffic is incoming on GREEN.

RED

Outbound traffic on RED is corresponding directly with inbound traffic on GREEN.

This has been happening for about 4 days now but is not the first time it has happened. Unless I am reading it wrong the traffic is being generated from inside our network and could possibly be due to a workstation being 'owned'.

If anyone could suggest steps I can take to find the source of the problem and fix it I would be most appreciative. I am able to run tcpdump on the IPCOP box but have only ever run this once, so if possible provide syntax.

Thanks
INTERNET
             |
             |
                    RED/Public IP Addr. 203.42.x.x
           IPCOP
                    GREEN/192.168.1.5
             |
             |
            LAN     192.168.1.0/24
Attachments:
Daily traffic on GREEN
Weekly traffic on GREEN
Daily traffic on RED
Weekly traffic on RED
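
For the tcpdump syntax requested in the question, an added example (not part of the original thread): capture LAN-originated traffic on GREEN and rank internal hosts by bytes sent towards the Internet. The interface name eth0, the function names and the sample capture lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Live capture on the firewall's GREEN interface (eth0 is an assumption;
# check which NIC holds 192.168.1.5 on your box):
#   tcpdump -i eth0 -nn -q -c 20000 \
#     'src net 192.168.1.0/24 and not dst net 192.168.1.0/24' | top_talkers

# Reads "tcpdump -nn -q" text on stdin and prints "bytes src_ip dst_ip:port",
# largest first. Only TCP/UDP lines sourced from the LAN prefix are counted.
top_talkers() {
    awk -v lan='192.168.1.' '
    $2 == "IP" && $4 == ">" && ($6 == "tcp" || $6 == "UDP,") && $NF ~ /^[0-9]+$/ {
        src = $3; sub(/\.[0-9]+$/, "", src)     # strip source port
        if (index(src, lan) != 1) next          # skip non-LAN senders
        dst = $5; sub(/:$/, "", dst)            # strip trailing colon
        port = dst; sub(/^.*\./, "", port)      # destination port
        sub(/\.[0-9]+$/, "", dst)               # destination address
        bytes[src " " dst ":" port] += $NF      # payload bytes per flow
    }
    END { for (k in bytes) print bytes[k], k }' | sort -rn
}

# Constructed sample capture (not real traffic) so the script runs offline.
sample_capture() {
    cat <<'EOF'
17:40:01.000001 IP 192.168.1.23.51234 > 198.51.100.7.25: tcp 1460
17:40:01.000002 IP 192.168.1.23.51234 > 198.51.100.7.25: tcp 1460
17:40:01.000003 IP 192.168.1.40.40000 > 203.0.113.9.443: tcp 512
17:40:01.000004 IP 192.168.1.40.53124 > 203.0.113.53.53: UDP, length 64
17:40:01.000005 IP 203.0.113.9.443 > 192.168.1.40.40000: tcp 1200
EOF
}

sample_capture | top_talkers
```

Run the live capture during one of the spikes; a single workstation dominating the list, especially towards one destination port, is the host to isolate and examine first.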
 
About this solution

Zones: Network Management, Linux Networking, Network Software Firewalls
Tags: IPCOP, 1.4.18, Network Traffic Problem
Solution Provided By: RQuadling
Participating Experts: 1
Solution Grade: A
 
 