Solved

URGENT - Slow internet performance

Posted on 2010-11-16
24
516 Views
Last Modified: 2012-05-10
Our internet slows down intermittently during business hour and causes a lot of disruption. We see a lot connections to 216.156.213.35 .32 .34 etc IPs but can't figure out what network is it or if it is a virus. We track down the PCs where the connections come from using X-Netstat but none of the connections go to  216.156.213.xxx network - rootkit?

Need some assistance here

thank you so much
0
Comment
Question by:piotrmikula108
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 4
  • 4
  • +4
24 Comments
 
LVL 2

Accepted Solution

by:
ElDiabloBlanco earned 125 total points
ID: 34148902
first - block that IP in your firewall. if its something you actually need, someone will yell about it when it stops working.

then, worry about where its coming from...

check auto update settings for adobe, java, MS, antivirus, etc...
0
 
LVL 83

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 125 total points
ID: 34148917
No, 216.156.213.35 is an Akamai server.  They mirror large sites (for a fee) so that the content can be returned more quickly.  It spreads out the load on the actual servers to speed up access.  http://www.akamai.com/

The original request could be to any large site that uses Akamai to deliver their content.  Some of their customers are listed on http://www.akamai.com/html/customers/index.html .
0
 
LVL 5

Assisted Solution

by:mooodiecr
mooodiecr earned 250 total points
ID: 34148955
Well that network of 216.156.213.35 is a web hosting service.  It runs on AkamiGhost web services.  It also helps balance out sites or DNS queries of large networks.  I would be concerned if it is taking up that much bandwidth but you need to figure out why type of traffic it is.  McAfee seems to have never seen any suspicious traffic from that particular IP address, but that doesn't mean it doesn't have any.

http://www.trustedsource.org/TS?do=feedback&subdo=query&q=216.156.213.35 <change the IP to whatever for info on an IP>

What happens if you just block the destination IP addresses?  does anything fail?
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 10

Expert Comment

by:Bawer
ID: 34148962
how many machines are using the bandwidth , is there any filtering software in between of its only ICS.
0
 
LVL 1

Author Comment

by:piotrmikula108
ID: 34149033
We deployed a week ago Zenith SAAZ agent that included the PC monitoring agent, SpyBot agent and Logmein
0
 
LVL 5

Assisted Solution

by:mooodiecr
mooodiecr earned 250 total points
ID: 34149081
Well Logmein does host some of its connection portals on Akamai.  As I think they are all part of the same umbrella company.  That could be part of it. :S
0
 
LVL 10

Expert Comment

by:Bawer
ID: 34149107
What is the total bandwidth and the count of machines, why i am asking this question is that the same case happened with me too and i found the solution.
0
 
LVL 1

Author Comment

by:piotrmikula108
ID: 34149208
well we have about 25 machines inside the office and 30 users outside using web application hosted behind the main office firewall - I tried to track which PCs are the most active but it's very random - we only have 1 T1 line - not a lot
0
 
LVL 3

Expert Comment

by:F_A_H_D
ID: 34149309
the best way to track it ... track it manually .. i mean unplugged the cables one by one till u reach the machine make the noise
0
 
LVL 10

Expert Comment

by:Bawer
ID: 34149313
here are some tips,

1) get the list of all machines using internet,
2) check all the services running on those machines, i believe 25 are less as compared to what i found among the 300 machines.
3) disable all the windows update services and instead keep on WSUS server , i believe u must be having a internal domain.
4) disable all AV self updating services and instead install a AV admin server to serve all the clients.

have EMCO network monitoring and malware cleaner, with network monitor control the machines using different applications and with malware cleaner clean the infected machines.

Only above centralization will work for u else many servers and apps will certainly eat up all the bandwidth.
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 34149418
You might want to look at this: http://zenithinfotech.com/en/Solutions/Managed%20Services/Desktop%20Management/~/media/Files/Company/MSIBrochure.ashx  It looks like Zenith SAAZ agent has increased your connection needs a lot because it is constantly interacting with the Zenith servers which may on the Akamai hosting.  You may need more than a single T1 now.
0
 
LVL 10

Expert Comment

by:Bawer
ID: 34149548
i don't think T1 is still less.
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 34151171
A T1 is 1.544 Mbps if it is all used for internet.  If they have gone to 'cloud services', that's not much bandwidth for 25 computers to be sharing.  If they are also getting phone service on that T1, they may not have the full bandwidth available.
0
 
LVL 1

Author Comment

by:piotrmikula108
ID: 34202499
looks like multiple Logmein were running on some computers, had to remove and looks like it's better now

Thx!
0
 
LVL 1

Author Comment

by:piotrmikula108
ID: 34386762
why would this question be deleted?
I'm still working on the issue
0
 
LVL 1

Author Comment

by:piotrmikula108
ID: 34386764
or should I click Object?
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 34386965
It would be deleted because, as it said above, there has been no comment for 21 days.  Do you have an update or more details to your question?
0
 
LVL 1

Author Comment

by:piotrmikula108
ID: 34386971
do you actually delete the post or just close it?
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 34387453
Delete. If it would be closed, one or more answers were selected for accepting, and that had been stated as "Accept".
You should either post an update, or close the question yourself now.

Qlemo
Cleanup Volunteer
0
 
LVL 1

Author Comment

by:piotrmikula108
ID: 34406440
please cancel, the solutions are listed above so I would like to assing points
0
 
LVL 1

Author Comment

by:piotrmikula108
ID: 34406443
sorry guys for this mess with deleyed response - when I blocked the Akamai public IPs Logmein sessions drops - I still need to talk to the vendor as we never seen situation like that on other networks (we have 500 desktops and 120 servers)
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

635 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question