Solved

Traffic causing network problems

Posted on 2004-04-28
4
267 Views
Last Modified: 2010-04-17
We have twice in the past week seen this traffic that appears to be coming from outside our network at first glance to one of our DSL customers.

9      IP-66.119.33.206      IP-172.16.7.248            64      19:04:26.199174      HTTPS      Src=  443,Dst= 2198
10      IP-66.119.33.206      IP-172.16.7.248            64      19:04:26.214186      HTTPS      Src=  443,Dst= 2198
11      IP-66.119.33.206      IP-172.16.7.248            64      19:04:26.244356      HTTPS      Src=  443,Dst= 2198
12      IP-66.119.33.206      IP-172.16.7.248            64      19:04:26.256164      HTTPS      Src=  443,Dst= 2198
13      IP-66.119.33.206      IP-172.16.7.248            64      19:04:26.268733      HTTPS      Src=  443,Dst= 2198

While this traffic is present other customers on this network can no longer access the Internet nor can they renew or receive an IP address from our dhcp server.

The 66 address resolves to marketscore.com. Anyone seen this before? One item that comes to mind is that I placed a ACL in our edge router to block all traffic from this particular address with no results. That makes me think the traffic may not have been actually coming from outside. It's currently not happening but if it does again I'll be better able to identify if it in in fact coming from outside.

0
Comment
Question by:fallonsupport
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 3

Accepted Solution

by:
justintx earned 250 total points
ID: 10941943
hmmmm.... marketscore is a proxy that routes all internet traffic through their servers.  block all inbound and outbound to those ips and tell your user to uninstall it.  they also log all that user's web traffic.

justintx
0
 
LVL 28

Expert Comment

by:mikebernhardt
ID: 10944471
Is there any traffic the other direction? It would seem that this traffic is return traffic since it's ssl to a high-numbered port. Or... it's spoofed traffic that's causing your customer a DOS because it doesn't know what to do with these packets?
0

Featured Post

Enroll in May's Course of the Month

May’s Course of the Month is now available! Experts Exchange’s Premium Members and Team Accounts have access to a complimentary course each month as part of their membership—an extra way to increase training and boost professional development.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco 800 router unable to connect through TPG network 12 48
can't ssh to external IP 9 89
Upgrading from Sonicwall Tz210 6 56
DVR Camera Security System Port Forwading 7 75
Tired of waiting for your show or movie to load?  Are buffering issues a constant problem with your internet connection?  Check this article out to see if these simple adjustments are the solution for you.
In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question