Link to home
Start Free TrialLog in
Avatar of denver218
denver218Flag for United States of America

asked on

Network Slowness on my T1 Circuit

I have a T1 and as of the past few days its been very slow.  I have a solarwinds network performance montior installed and its telling me that my transmit rate on my T1 is at 97%.  When looking at my netflow data it lists my top 5 transmitters.  See below:  They are all yahoo mail servers:

Top 5 Transmitters
Last 15 Minutes
    Endpoint Total Bytes Total Packets Percent
  mta-v3.mail.vip.mud.yahoo.com (66.94.237.64)  483.4 Kbytes 11.977 K packets 16.91%
  mta-v2.mail.vip.mud.yahoo.com (66.94.236.34)  453.1 Kbytes 11.26 K packets 15.85%
  mta-v1.mail.vip.ac4.yahoo.com (67.195.168.31)  449.8 Kbytes 11.235 K packets 15.74%
  mta-v1.mail.vip.sk1.yahoo.com (74.6.136.65)  443.8 Kbytes 11.072 K packets 15.53%
  mta-v1.mail.vip.re4.yahoo.com (206.190.54.127)  429.8 Kbytes 10.733 K packets 15.04%

Can anyone explain this?  Why 5 different yahoo servers are 5 biggest trasmitters?  I guess I could block these addresses on the firewall.   Any thoughts?

Avatar of rfc1180
rfc1180
Flag of United States of America image
>Can anyone explain this?  Why 5 different yahoo servers are 5 biggest trasmitters?

It is either legit or not, you would only know this. If this is not normal, then you can always contact yahoo

bguthrie@neteng01 ~ $ whois 206.190.54.127 | grep -i abuse
OrgAbuseHandle: NETWO857-ARIN
OrgAbuseName:   Network Abuse
OrgAbusePhone:  +1-408-349-3300
OrgAbuseEmail:  network-abuse@cc.yahoo-inc.com
OrgAbuseRef:    http://whois.arin.net/rest/poc/NETWO857-ARIN


This could be related to a virus outbreak, an attack, etc

Billy
ASKER CERTIFIED SOLUTION
Avatar of rcombis
rcombis
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of denver218
denver218
Flag of United States of America image

ASKER

My monitor is on the outside, I have netflow configured on my Cisco Router.  I wanted to cofnigure netflow on my cisco pix so I could monitor the inside LAN by the PIX 506E doesn't support netflow.  Any ideas on how I can analyze the inside LAN?  Thanks.
Avatar of ArneLovius
ArneLovius
Flag of United Kingdom of Great Britain and Northern Ireland image
ntop on a linux box connected to a span port that mirrors the PIX internal port
Avatar of denver218
denver218
Flag of United States of America image

ASKER

This ended up to be an ISP issue.  When I would do a simple ping to www.google.com I got replies but they were about 1000ms.  I called the ISP and I'm not sure what they did but things magically got back to normal.  They claim they didn't do anything.  As far as why those yahoo servers were the 5 biggest tranmitters on my network, this is because employees that work there have thier yahoo email forwarded to their blackberry.  
Avatar of denver218
denver218
Flag of United States of America image

ASKER

Ended up being an ISP issue