Solved

Win2003 network problems after some time...

Posted on 2004-08-12
Last Modified: 2010-04-11
I have a Windows 2003 server and an ADSL 2Mb/s internet connection. I also have a LAN with 2 XP computers and only one laptop (which sometimes appears on the network).
I also have a licensed Agnitum Outpost Firewall 2.1 on this Win2003 server, plus some plugins.
Usually I download some working data from FTP servers and so on... Then I have a very strange problem: when I reboot the server and dial DSL, the internet connection works very well - it is very quick and I can connect to all my FTP and mail servers - but after some time, perhaps 3-4-5 hours, the internet becomes very slow: connections are slow, IE takes very long to open pages, and I can't connect to my FTP and mail servers. However, if I was previously connected to some FTP server, the speed stays good.
I can't find what the problem is, but I noticed that if I am not using inet at all, it stays at good speed. Before, when my server ran Win XP, I didn't have such problems.

Thank you.
Question by:Neoliten
11 Comments
 
LVL 27

Expert Comment

by:pseudocyber
ID: 11782876
Update all antivirus and run full scans.  Run spyware scans with Adaware and SpyBot.  Sounds like a virus.
0
 

Author Comment

by:Neoliten
ID: 11783330
Well, I have realtime file protection from Norton Antivirus 2004 and I just scanned my computer - it found nothing. I also have Ad-aware software and it's clean. I used SpyBot and it found only one DSO Exploit... I will see whether inet slows down or not.
0
 
LVL 27

Expert Comment

by:pseudocyber
ID: 11783346
Can you do any sniffing or any firewall logs to see what's going on with your i'net connection when the symptoms occur?
0
 

Author Comment

by:Neoliten
ID: 11783455
Yes, I always have the firewall on and I analyse the logs sometimes. What should I see in these logs? In my view there is nothing wrong with them: no DDoS attacks or anything like that. I have a dynamic IP address, so if I reconnect, my IP will change, and attacking my whole network is quite impossible.

But can it be that I have too many outgoing connections and this kills my connection? Right now I have 30 outgoing connections according to my firewall, but this value is small.
0
 
LVL 27

Expert Comment

by:pseudocyber
ID: 11783831
Yes, outgoing connections was what I would look for - a lot of outbound ICMP - or a lot of traffic from a machine or two when the machine really shouldn't be doing anything.
0
 
LVL 7

Expert Comment

by:Mikealcl
ID: 11786382
Why don't you just have someone with some shell space nmap your connection, and use this as a small firewall audit? Netstat -an from DOS should give you some good information too.

I take it your ADSL is PPPoE because you said dial in. What happens if you disconnect and reconnect with PPPoE without rebooting?
Have you tried restricting your outgoing open ports? This is a good practice, and most home users have no use for outgoing ports. Even if you're running a mail and web server you only need 4 ports.

I wouldn't jump to conclude that this is indeed a virus/trojan problem. You will need some sort of traffic monitoring. I am very familiar with this on *BSD based systems, but I am unsure how to go about it on a Windows system. I know in the performance monitor you can set it to watch the traffic on your network card. That might be your best bet. Capturing broadcast traffic would be even better, but it doesn't sound like you have an easy way to do that.


--Mikeal
0
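Added example, not part of any poster's reply: one way to turn saved `netstat -an` output into the outbound-connection summary discussed above. The sample output, the listening-port heuristic and the `syn_threshold` parameter are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample in the Windows `netstat -an` layout (not from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.0.1:445        192.168.0.10:1034      ESTABLISHED
  TCP    203.0.113.7:1201       198.51.100.20:21       ESTABLISHED
  TCP    203.0.113.7:1202       198.51.100.21:80       TIME_WAIT
  TCP    203.0.113.7:1300       198.51.100.30:445      SYN_SENT
  TCP    203.0.113.7:1301       198.51.100.31:445      SYN_SENT
  TCP    203.0.113.7:1302       198.51.100.32:445      SYN_SENT
  UDP    0.0.0.0:500            *:*
"""

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")

def parse_tcp(text):
    """Return (local_ip, local_port, remote_ip, remote_port, state) per TCP row."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            lip, lport, rip, rport, state = m.groups()
            rows.append((lip, int(lport), rip, int(rport), state))
    return rows

def summarize_outbound(text, syn_threshold=3):
    """Count outbound TCP connections by (remote port, state).

    Heuristic (assumption): a row whose local port is also a LISTENING port
    is inbound; every other non-LISTENING row is treated as outbound.
    """
    rows = parse_tcp(text)
    listening = {lport for _, lport, _, _, state in rows if state == "LISTENING"}
    outbound = [r for r in rows if r[4] != "LISTENING" and r[1] not in listening]
    by_port_state = Counter((r[3], r[4]) for r in outbound)
    # Repeated half-open attempts to one remote port from a machine that
    # should be idle is the pattern worth a closer look.
    suspicious = sorted(port for (port, state), n in by_port_state.items()
                        if state == "SYN_SENT" and n >= syn_threshold)
    return {"outbound_total": len(outbound),
            "by_port_state": dict(by_port_state),
            "suspicious_ports": suspicious}

if __name__ == "__main__":
    print(summarize_outbound(SAMPLE))
```

Saving `netstat -an` to a file once while the connection is healthy and again when it is slow, then comparing the two summaries, shows whether the outbound count or the set of remote ports changed.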
 
LVL 27

Expert Comment

by:pseudocyber
ID: 11786441
I just meant it sounded like a virus - not that it was.  I was only proposing a possibility, not diagnosing the cause.
0
 

Author Comment

by:Neoliten
ID: 11786572
As far as I know, when I disconnect and reconnect the problem is still present; inet only starts working properly again after a reboot. What things can produce this sort of problem with my inet? Also, I restrict my outgoing ports with Outpost Firewall; what ports do Windows and other software usually use?
Thank you for information, I will try to monitor my traffic and after I will submit the results.
0
 
LVL 7

Expert Comment

by:Mikealcl
ID: 11786690
With Windows it depends on the protocols you are communicating with. 139 and 445 are common for Windows/NetBIOS. 80 is HTTP, 23 is telnet, 22 is SSH, 443 is HTTPS.

I usually get a list off of Google when I am unsure.

http://www.iana.org/assignments/port-numbers

^^ That seems to be a good list.

You can also use netstat -s to monitor traffic.

What about restarting the services in the administrative tools that are related to INET?
Can't look them up atm, out of time for now.
0
 

Author Comment

by:Neoliten
ID: 11790679
Thank you for this list. And what about changing the MTU value? Could someone explain what exactly this value is?
I slightly reduced this value and it seems that inet became more stable - 30 hours + high loading. I also blocked some ports, so it could be a solution too.
0
 
LVL 7

Accepted Solution

by:
Mikealcl earned 280 total points
ID: 11792212
This link explains a bit. Basically, Windows and especially PPPoE are evil.


http://www.annoyances.org/exec/show/article04-107

0
