Solved

URGENT - Slow internet performance

Posted on 2010-11-16
24
509 Views
Last Modified: 2012-05-10
Our internet slows down intermittently during business hours and causes a lot of disruption. We see a lot of connections to 216.156.213.35 .32 .34 etc IPs but can't figure out what network it is or if it is a virus. We track down the PCs where the connections come from using X-Netstat but none of the connections go to the 216.156.213.xxx network - rootkit?

Need some assistance here

thank you so much
Question by:piotrmikula108
24 Comments
 
LVL 2

Accepted Solution

by:
ElDiabloBlanco earned 125 total points
First, block that IP in your firewall. If it's something you actually need, someone will yell about it when it stops working.

Then, worry about where it's coming from...

Check auto-update settings for Adobe, Java, MS, antivirus, etc...
0
 
LVL 82

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 125 total points
No, 216.156.213.35 is an Akamai server.  They mirror large sites (for a fee) so that the content can be returned more quickly.  It spreads out the load on the actual servers to speed up access.  http://www.akamai.com/

The original request could be to any large site that uses Akamai to deliver their content.  Some of their customers are listed on http://www.akamai.com/html/customers/index.html .
0
 
LVL 5

Assisted Solution

by:mooodiecr
mooodiecr earned 250 total points
Well, that network of 216.156.213.35 is a web hosting service. It runs on AkamaiGHost web services. It also helps balance out sites or DNS queries of large networks. I would be concerned if it is taking up that much bandwidth, but you need to figure out what type of traffic it is. McAfee seems to have never seen any suspicious traffic from that particular IP address, but that doesn't mean it doesn't have any.

http://www.trustedsource.org/TS?do=feedback&subdo=query&q=216.156.213.35 <change the IP to whatever for info on an IP>

What happens if you just block the destination IP addresses? Does anything fail?
0
 
LVL 10

Expert Comment

by:Bawer
How many machines are using the bandwidth? Is there any filtering software in between, or is it only ICS?
0
 
LVL 1

Author Comment

by:piotrmikula108
A week ago we deployed the Zenith SAAZ agent, which included the PC monitoring agent, SpyBot agent and Logmein.
0
 
LVL 5

Assisted Solution

by:mooodiecr
mooodiecr earned 250 total points
Well, Logmein does host some of its connection portals on Akamai, as I think they are all part of the same umbrella company. That could be part of it. :S
0
 
LVL 10

Expert Comment

by:Bawer
What is the total bandwidth and the count of machines? Why I am asking this question is that the same case happened with me too and I found the solution.
0
 
LVL 1

Author Comment

by:piotrmikula108
Well, we have about 25 machines inside the office and 30 users outside using a web application hosted behind the main office firewall. I tried to track which PCs are the most active but it's very random. We only have 1 T1 line - not a lot.
0
 
LVL 3

Expert Comment

by:F_A_H_D
The best way to track it is to track it manually. I mean unplug the cables one by one until you reach the machine making the noise.
0
 
LVL 10

Expert Comment

by:Bawer
Here are some tips:

1) Get the list of all machines using the internet.
2) Check all the services running on those machines. I believe 25 is few compared to what I found among the 300 machines.
3) Disable all the Windows Update services and instead keep them on a WSUS server. I believe you must have an internal domain.
4) Disable all AV self-updating services and instead install an AV admin server to serve all the clients.

Have EMCO network monitoring and malware cleaner: with the network monitor, control the machines using different applications, and with the malware cleaner, clean the infected machines.

Only the above centralization will work for you; otherwise many servers and apps will certainly eat up all the bandwidth.
0
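One way to carry out steps 1 and 2 of the tips above for the 216.156.213.x addresses from the question, as an added example that is not part of the original thread: save `netstat -ano` output from each PC and tally which process IDs hold connections into that range. The /24 boundary, the PC names and the sample rows are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumption: the "216.156.213.xxx" range from the question, treated as a /24.
WATCHED_NET = ipaddress.ip_network("216.156.213.0/24")

# Constructed sample: `netstat -ano` output saved per PC (names, PIDs invented).
SAMPLE = {
    "PC-01": """
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.21:49712     216.156.213.35:443     ESTABLISHED     2140
  TCP    192.168.1.21:49713     216.156.213.32:443     ESTABLISHED     2140
  TCP    192.168.1.21:49720     192.168.1.5:445        ESTABLISHED     4
  UDP    0.0.0.0:500            *:*                                    612
""",
    "PC-02": """
  TCP    192.168.1.22:50111     216.156.213.34:80      TIME_WAIT       0
  TCP    192.168.1.22:50112     216.156.213.34:443     ESTABLISHED     3316
  TCP    [::1]:49670            [::1]:49671            ESTABLISHED     1200
""",
}

def remote_ip(endpoint):
    """Return the IP in 'addr:port' or '[v6addr]:port'; None if unparsable."""
    host = endpoint.rsplit(":", 1)[0].strip("[]").split("%")[0]
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None

def connections_to_watched(netstat_text, net=WATCHED_NET):
    """Yield (remote_ip, state, pid) for TCP rows whose foreign address is in net."""
    for line in netstat_text.splitlines():
        cols = line.split()
        if len(cols) != 5 or cols[0] != "TCP":
            continue  # headers, blank lines, UDP rows (no State column)
        ip = remote_ip(cols[2])
        if ip is not None and ip in net:
            # TIME_WAIT rows report PID 0: the socket is closed, no owner is shown.
            yield str(ip), cols[3], int(cols[4])

def tally(outputs):
    """Count connections to the watched network per (host, pid)."""
    return Counter((host, pid) for host, text in outputs.items()
                   for _ip, _state, pid in connections_to_watched(text))

if __name__ == "__main__":
    for (host, pid), n in tally(SAMPLE).most_common():
        print(f"{host}  PID {pid}: {n} connection(s) to {WATCHED_NET}")
```

The PIDs it reports can be matched to process names with `tasklist` on the same PC; short-lived connections only appear if the snapshot is taken while they are open, so repeated captures during a slowdown give a better picture.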
 
LVL 82

Expert Comment

by:Dave Baldwin
You might want to look at this: http://zenithinfotech.com/en/Solutions/Managed%20Services/Desktop%20Management/~/media/Files/Company/MSIBrochure.ashx  It looks like Zenith SAAZ agent has increased your connection needs a lot because it is constantly interacting with the Zenith servers, which may be on the Akamai hosting.  You may need more than a single T1 now.
0
 
LVL 10

Expert Comment

by:Bawer
I don't think T1 is still less.
0
 
LVL 82

Expert Comment

by:Dave Baldwin
A T1 is 1.544 Mbps if it is all used for internet.  If they have gone to 'cloud services', that's not much bandwidth for 25 computers to be sharing.  If they are also getting phone service on that T1, they may not have the full bandwidth available.
0
 
LVL 1

Author Comment

by:piotrmikula108
Looks like multiple Logmein were running on some computers; had to remove them and it looks like it's better now.

Thx!
0
 
LVL 1

Author Comment

by:piotrmikula108
Why would this question be deleted?
I'm still working on the issue.
0
 
LVL 1

Author Comment

by:piotrmikula108
Or should I click Object?
0
 
LVL 82

Expert Comment

by:Dave Baldwin
It would be deleted because, as it said above, there has been no comment for 21 days.  Do you have an update or more details to your question?
0
 
LVL 1

Author Comment

by:piotrmikula108
Do you actually delete the post or just close it?
0
 
LVL 68

Expert Comment

by:Qlemo
Delete. If it would be closed, one or more answers were selected for accepting, and that had been stated as "Accept".
You should either post an update, or close the question yourself now.

Qlemo
Cleanup Volunteer
0
 
LVL 1

Author Comment

by:piotrmikula108
Please cancel; the solutions are listed above so I would like to assign points.
0
 
LVL 1

Author Comment

by:piotrmikula108
Sorry guys for this mess with the delayed response - when I blocked the Akamai public IPs, Logmein sessions drop - I still need to talk to the vendor as we have never seen a situation like that on other networks (we have 500 desktops and 120 servers).
0
