URGENT - Slow internet performance

Our internet slows down intermittently during business hour and causes a lot of disruption. We see a lot connections to 216.156.213.35 .32 .34 etc IPs but can't figure out what network is it or if it is a virus. We track down the PCs where the connections come from using X-Netstat but none of the connections go to  216.156.213.xxx network - rootkit?

Need some assistance here

thank you so much
LVL 1
piotrmikula108Asked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
ElDiabloBlancoConnect With a Mentor Commented:
first - block that IP in your firewall. if its something you actually need, someone will yell about it when it stops working.

then, worry about where its coming from...

check auto update settings for adobe, java, MS, antivirus, etc...
0
 
Dave BaldwinConnect With a Mentor Fixer of ProblemsCommented:
No, 216.156.213.35 is an Akamai server.  They mirror large sites (for a fee) so that the content can be returned more quickly.  It spreads out the load on the actual servers to speed up access.  http://www.akamai.com/

The original request could be to any large site that uses Akamai to deliver their content.  Some of their customers are listed on http://www.akamai.com/html/customers/index.html .
0
 
mooodiecrConnect With a Mentor Commented:
Well that network of 216.156.213.35 is a web hosting service.  It runs on AkamiGhost web services.  It also helps balance out sites or DNS queries of large networks.  I would be concerned if it is taking up that much bandwidth but you need to figure out why type of traffic it is.  McAfee seems to have never seen any suspicious traffic from that particular IP address, but that doesn't mean it doesn't have any.

http://www.trustedsource.org/TS?do=feedback&subdo=query&q=216.156.213.35 <change the IP to whatever for info on an IP>

What happens if you just block the destination IP addresses?  does anything fail?
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
BawerCommented:
how many machines are using the bandwidth , is there any filtering software in between of its only ICS.
0
 
piotrmikula108Author Commented:
We deployed a week ago Zenith SAAZ agent that included the PC monitoring agent, SpyBot agent and Logmein
0
 
mooodiecrConnect With a Mentor Commented:
Well Logmein does host some of its connection portals on Akamai.  As I think they are all part of the same umbrella company.  That could be part of it. :S
0
 
BawerCommented:
What is the total bandwidth and the count of machines, why i am asking this question is that the same case happened with me too and i found the solution.
0
 
piotrmikula108Author Commented:
well we have about 25 machines inside the office and 30 users outside using web application hosted behind the main office firewall - I tried to track which PCs are the most active but it's very random - we only have 1 T1 line - not a lot
0
 
F_A_H_DCommented:
the best way to track it ... track it manually .. i mean unplugged the cables one by one till u reach the machine make the noise
0
 
BawerCommented:
here are some tips,

1) get the list of all machines using internet,
2) check all the services running on those machines, i believe 25 are less as compared to what i found among the 300 machines.
3) disable all the windows update services and instead keep on WSUS server , i believe u must be having a internal domain.
4) disable all AV self updating services and instead install a AV admin server to serve all the clients.

have EMCO network monitoring and malware cleaner, with network monitor control the machines using different applications and with malware cleaner clean the infected machines.

Only above centralization will work for u else many servers and apps will certainly eat up all the bandwidth.
0
 
Dave BaldwinFixer of ProblemsCommented:
You might want to look at this: http://zenithinfotech.com/en/Solutions/Managed%20Services/Desktop%20Management/~/media/Files/Company/MSIBrochure.ashx  It looks like Zenith SAAZ agent has increased your connection needs a lot because it is constantly interacting with the Zenith servers which may on the Akamai hosting.  You may need more than a single T1 now.
0
 
BawerCommented:
i don't think T1 is still less.
0
 
Dave BaldwinFixer of ProblemsCommented:
A T1 is 1.544 Mbps if it is all used for internet.  If they have gone to 'cloud services', that's not much bandwidth for 25 computers to be sharing.  If they are also getting phone service on that T1, they may not have the full bandwidth available.
0
 
piotrmikula108Author Commented:
looks like multiple Logmein were running on some computers, had to remove and looks like it's better now

Thx!
0
 
piotrmikula108Author Commented:
why would this question be deleted?
I'm still working on the issue
0
 
piotrmikula108Author Commented:
or should I click Object?
0
 
Dave BaldwinFixer of ProblemsCommented:
It would be deleted because, as it said above, there has been no comment for 21 days.  Do you have an update or more details to your question?
0
 
piotrmikula108Author Commented:
do you actually delete the post or just close it?
0
 
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
Delete. If it would be closed, one or more answers were selected for accepting, and that had been stated as "Accept".
You should either post an update, or close the question yourself now.

Qlemo
Cleanup Volunteer
0
 
piotrmikula108Author Commented:
please cancel, the solutions are listed above so I would like to assing points
0
 
piotrmikula108Author Commented:
sorry guys for this mess with deleyed response - when I blocked the Akamai public IPs Logmein sessions drops - I still need to talk to the vendor as we never seen situation like that on other networks (we have 500 desktops and 120 servers)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.