Network Slowness on my T1 Circuit

I have a T1 and as of the past few days its been very slow.  I have a solarwinds network performance montior installed and its telling me that my transmit rate on my T1 is at 97%.  When looking at my netflow data it lists my top 5 transmitters.  See below:  They are all yahoo mail servers:

Top 5 Transmitters
Last 15 Minutes
    Endpoint Total Bytes Total Packets Percent
  mta-v3.mail.vip.mud.yahoo.com (66.94.237.64)  483.4 Kbytes 11.977 K packets 16.91%
  mta-v2.mail.vip.mud.yahoo.com (66.94.236.34)  453.1 Kbytes 11.26 K packets 15.85%
  mta-v1.mail.vip.ac4.yahoo.com (67.195.168.31)  449.8 Kbytes 11.235 K packets 15.74%
  mta-v1.mail.vip.sk1.yahoo.com (74.6.136.65)  443.8 Kbytes 11.072 K packets 15.53%
  mta-v1.mail.vip.re4.yahoo.com (206.190.54.127)  429.8 Kbytes 10.733 K packets 15.04%

Can anyone explain this?  Why 5 different yahoo servers are 5 biggest trasmitters?  I guess I could block these addresses on the firewall.   Any thoughts?

LVL 4
denver218Asked:
Who is Participating?
 
rcombisConnect With a Mentor Commented:
Here are some thoughts.

Maybe one of your computers in your network is spamming?

Maybe one or more of your users is sending attachments out via yahoo mail?

Is this inbound or outbound transmission?

Can you get a list of internal IPs to see who is hogging the bandwidth?  (Is your monitor inside or outside of your firewall?  Maybe you could set up an internal monitor to narrow down who is using what bandwidth?  After you narrow it down you could look at those few machines to get a better idea of what the user/users is doing that is hogging up bandwidth)

Think about upgrading.  I had a client that had a T1 line.  We installed a business class cable modem that was 1/5 of the price and 20-30 times faster.
0
 
rfc1180Commented:
>Can anyone explain this?  Why 5 different yahoo servers are 5 biggest trasmitters?

It is either legit or not, you would only know this. If this is not normal, then you can always contact yahoo

bguthrie@neteng01 ~ $ whois 206.190.54.127 | grep -i abuse
OrgAbuseHandle: NETWO857-ARIN
OrgAbuseName:   Network Abuse
OrgAbusePhone:  +1-408-349-3300
OrgAbuseEmail:  network-abuse@cc.yahoo-inc.com
OrgAbuseRef:    http://whois.arin.net/rest/poc/NETWO857-ARIN


This could be related to a virus outbreak, an attack, etc

Billy
0
 
denver218Author Commented:
My monitor is on the outside, I have netflow configured on my Cisco Router.  I wanted to cofnigure netflow on my cisco pix so I could monitor the inside LAN by the PIX 506E doesn't support netflow.  Any ideas on how I can analyze the inside LAN?  Thanks.
0
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

 
ArneLoviusCommented:
ntop on a linux box connected to a span port that mirrors the PIX internal port
0
 
denver218Author Commented:
This ended up to be an ISP issue.  When I would do a simple ping to www.google.com I got replies but they were about 1000ms.  I called the ISP and I'm not sure what they did but things magically got back to normal.  They claim they didn't do anything.  As far as why those yahoo servers were the 5 biggest tranmitters on my network, this is because employees that work there have thier yahoo email forwarded to their blackberry.  
0
 
denver218Author Commented:
Ended up being an ISP issue
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.