Solved

My Offfice NT LAN hit 100% Utilization Sometimes

Posted on 2003-12-11
7
247 Views
Last Modified: 2010-04-11
Hi!

My office NT LAN will hit 100% utilization rate sometimes and causes the network to go down. It only happens in the past two weeks. Before that wes fine.

All virus and Microsoft pathes are up to date.

Any idea ? or how can we find the caused ?

Thanks,
Nick
0
Comment
Question by:nchai
7 Comments
 
LVL 21

Expert Comment

by:jvuz
ID: 9926540
Look for spyware/adware:

SpyBot-S&D

SpyBot-S&D is an adware and spyware detection and removal tool. This includes removal of certain advertising components, that may gather statistics as well as detection of various keylogging and other spy utilities. In addition, it also securely removes PC and Internet usage tracks, including browser history, temporary pages, cookies (with option to keep selected) and more. The program offers an attractive outlook-style interface that is easy to use and multi-lingual. SpyBot-S&D allows you to exclude selected cookies, programs or extensions from being reported, allowing you to prevent false positive messages for items that you dont want to be alerted of every time. It can even scan your download directory for files that have been downloaded, but not yet installed, allowing you to detect unwanted programs before you even install them. SpyBot produces a detailed and easy to understand report before it deletes any files and allows you to deselect any item that you do not want to be processed. In addition, a recovery feature allows you to restore your settings if needed. Very nice tool, that exceeds the capabilities of the popular Ad-Aware application.

http://www.webattack.com/download/dlspybot.shtml

Ad-aware

AdAware is a privacy tool, that scans your memory, registry, hard, removable and optical drives for known data-mining, aggressive advertising, and tracking components. It then lists the results and offers to remove or quarantine the components. The program detects a wide range of adware/spyware related issues and can be updated with the latest signatures via the built-in update utility. Please be advised that removing certain components may impact the functionality of effected software applications. You should fully read the included Ad-aware documentation before removing any files!

http://www.webattack.com/download/dladaware.shtml


HijackThis

HijackThis is a tool, that lists all installed browser add-on, buttons, starup items and allows you to inspect them, and optionally remove selected items. The program can create a backup of your original settings and also ignore selected items. Additional features include a simple list of all startup items, default start page, online updates and more. Intended for advanced users.

http://www.webattack.com/download/dlhijackthis.shtml

Keylogger Hunter

Keylogger Hunter is a program that attempts to detect any keyloggers that may be running on your computer. It performs a system analysis, which takes about 3-5 minutes and then produces a list of suspicious files (if any). It detected 2 out of 3 running keyloggers in our test. Future versions are planned to be shareware.

http://www.webattack.com/download/dlklhunter.shtml

KL-Detector

KL-Detector is designed to provide a way to find out whether your activity is being recorded with a keylogger application. It uses the fact that most keyloggers create a hidden log file on your hard drive and therefore scans for any suspicious activity during a test period that you have to initiate. Basically, it asks you to use the keyboard for several minutes, type some text or do similar activities, while it is monitoring your system to check if it can detect any suspicious logging activity. KL-Detector is intended for occasional use and not as a permanently running program, as normal PC activity may cause false positives. During our test, it did detect changes in a keylogger log file (that we installed), but it did not find the activity suspicious enough to warn us. Advanced users may get value by inspecting the logged items, however novice users should not rely on the results.

http://www.webattack.com/download/dlkldetector.shtml

X-Cleaner Free

XCleaner is a privacy tool suite that detects and removes installed spyware and adware components and includes tools to securely delete files, edit the registry, disable startup programs and more. Additional features include IE home page protection, cookie, cache and history cleaning, built-in password generator and more. This free version also contains some additional feature options, however they are disabled and require upgrade to a full version. The spyware and adware scanning as well as many cleaning features however can be used freely.

http://www.webattack.com/download/dlxcleaner.shtml

SpywareBlaster

SpywareBlaster doesn`t scan and clean for so-called spyware, but prevents it from being installed in the first place. It achieves this by disabling the CLSIDs of popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage. This allows you to run Internet Explorer with Active-X enabled, but it will never download or even prompt you for any of the known ActiveX controls. All other Active-X controls or plug-ins will work fine. The SpywareBlaster database contains information on these known spyware Active-X controls and can be updated with the click of a button. The application windows displays a list of all controls that it is able to detect (this is not a list of what was found on your computer). The program cannot detect if you have any of the known objects already installed, but if you do, they will be disabled. The program also allows you to take a snapshot of your computer (certain settings) in its clean state and later revert many changes made by spyware and browser hijackers.

http://www.webattack.com/download/dlspywareblaster.shtml

SpywareGuard

SpywareGuard provides a real-time protection solution against so-called spyware. It works similar to an anti-virus program, by scanning EXE and CAB files on access and alerting you if known spyware is detected. If this is the case, it initially blocks access to the file and then allows the user to select an action. SpywareGuard provides a fast scanning engine, signature-based scanning, heuristic/generic scanning, a control panel, and an online-update utility for downloading of definition updates. It does not replace your anti-virus protection, but instead detects programs that may cause privacy concerns. The list of detected programs includes AdBreak, AdultLinks/LinkZZ, Brilliant Digital, CommonName, Cytron, FreeScratchAndWin, FriendGreetings, HighTraffic, HotBar, IEDisco, iGetNet, Lop.com, MoneyTree Dialer and others.

http://www.webattack.com/download/dlspywareguard.shtml


SpySites

SpySites allows you to manage the Internet Explorer Restricted Zone settings and easily add entries from a database of 1500+ sites that are known to use advertising tracking methods or attempt to install third party software. You can select the sites from the list, or optionally add all of them, or only the "worst offenders". The program then adds the URLs to the IE Restricted Zone settings. Once configured, there is no need to run the program again, unless you want to add additional sites.

http://www.webattack.com/download/dlspysites.shtml
0
 
LVL 5

Expert Comment

by:Insolence
ID: 9927177
Oh man I hate the excessive copy/pasters
0
 
LVL 21

Expert Comment

by:jvuz
ID: 9927352
Why?
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 25 total points
ID: 9928024
I would bet $ that you still have some infected machines with Welchia/MSBlast.
Even though the AV signatures may be up to date, the machine could have been infected befor the AV sig was downloaded, and a full system scan was not performed.
Perhaps a laptop user brought it in?
0
 
LVL 18

Accepted Solution

by:
chicagoan earned 25 total points
ID: 9928991
all free:
Drop a sniffer on your network to see where the traffic is coming from.
If your switches have the facility, reset the counters and watch the ports for excessive traffic.
Implement MRTG on your switches, firewall and router if they support snmp to get historical port utilization data.
Draft a security policy regarding peer-to-peer software, internet radio and other bandwidth hogging applications, and publicize it.
Get your firewall syslogging somewhere to do analysis on traffic.
If you have a commercial firewall check out it's reporting capabilities.


 
0
 

Author Comment

by:nchai
ID: 9940261
Hi guys,

Thanks for the informative feedback. After some invstigation we were able to pinpoint the problem. Its was due to the DNS IP refresh that is being activated when we installed the DNS server.

Is there any setting on how we can resolve this huge traffic utilization during IP refresh ?

Nick
0
 
LVL 18

Expert Comment

by:chicagoan
ID: 9940328
>DNS IP refresh
What do you mean by IP REFRESH?
This is M$ DNS server? On NT/2000??
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Join & Write a Comment

What’s a web proxy server? A proxy server is a server that goes between clients and web servers, used in corporate to enforce corporate browsing policy and ensure security. Proxy servers are commonly used in three modes. A)    Forward proxy …
Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now