Internet Connection Times Out Periodically

Our company network has been dropping its connection to the Internet every 1 - 2 hours for 20 - 120 seconds for the past 72 hours. Our ISP is Windstream. We have seven bonded T1s. I can ping the public gateway continuously all day and I can see that we lose our connection for about 10 to 14 pings or about one minute per occurrence. When it goes offline, normal users do not notice because it comes back quickly. However, our VPN users are kicked offline and cannot work. Large file transfers and backups are also interrupted. We use a SonicWALL NSA 2400. I have no errors in the log and I have rebooted it. Windstream is about to blame this on internal equipment because they cannot see any problems remotely.

What is the solution?
Should I start immediate ISP shopping?
Has anyone seen anything like this before?

Please help!
JM  Latest Outage as of 3.2.11
alnc2004 Asked:
 
alnc2004 (Author) Commented:
It turned out that a computer on our network was infected with a virus that was part of a DDoS attack. That computer was sending 11212 Byte files to an outside IP on over 6,000 ports, which crippled our router.

Thanks for the suggestions,
Jess
0
 
digitap Commented:
let's confirm a few things first.

edit the WAN interface and try setting the negotiation first to 100mb/full then to 100mb/half. does either help?

then, let's look at MTU on the WAN interface. review my article for this setting on the sonicwall appliance. work through it and report back your results.

http://www.experts-exchange.com/viewArticle.jsp?articleID=3110
0
 
macoronat Commented:
I don't have experience with SonicWALL appliances, but I recommend you connect a PC directly to the router and run the extended ping again, see if there is the same behaviour. Then, as digitap said, check your MTU settings at the WAN links. Verify that you have the correct encapsulation and line code for the T1s. Check if the physical interfaces are reporting any errors. If they are, you can unbind your T1s one by one and do a loopback cable:

-Use wire cutters to create a working RJ-45 cable that is 5 inches long with an attached connector.
-Strip the wires.
-Twist the wires from pins 1 and 4 together.
-Twist the wires from pins 2 and 5 together.
-Leave the rest of the wires alone.

Put the cable on your SonicWALL's T1 port (I'm assuming that your appliance has integrated CSU/DSU). Assign an IP address to the unbound T1, clear the counters of that interface and run an extended ping from the SonicWALL router to that IP address. See if you find any errors. Bind the T1 back.

Then do that for each T1. If you see errors on the interfaces, you have some bad hardware. If not, you have an ISP issue (time to look for a new provider).

Cheers!
0

 
digitap Commented:
@jess :: what did you do to find the device?
0
 
alnc2004 (Author) Commented:
I replaced the NSA 2400 with another brand new one and we had the same problem. I ran an activity scan on my open connections and found that one IP on my network had over 6K connections. I isolated that machine and disconnected it from the network and the problem was solved instantly. Now I have to clean the virus, but that's nowhere near as bad as having a network outage.
0
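
The check described in the comment above (one internal IP holding thousands of open connections), sketched as an added example that is not part of the original thread. The CSV column names, LAN range, thresholds and all addresses are constructed assumptions, not a real SonicWALL export format.

```python
import csv
import io
from collections import defaultdict
from ipaddress import ip_address, ip_network

def build_sample():
    """Constructed connection-table export (hypothetical column names)."""
    rows = ["src_ip,dst_ip,dst_port,proto",
            "192.168.1.20,203.0.113.10,443,tcp",   # ordinary workstation traffic
            "192.168.1.20,203.0.113.11,80,tcp",
            "192.168.1.31,198.51.100.7,443,tcp",
            "192.168.1.31,198.51.100.7,993,tcp"]
    # One host holding thousands of flows to a single outside IP on many ports.
    rows += [f"192.168.1.57,198.51.100.99,{p},udp" for p in range(1024, 7224)]
    return "\n".join(rows)

def summarize(export_text, lan="192.168.1.0/24"):
    """Per internal source: total flows, and distinct ports per destination."""
    net = ip_network(lan)
    flows = defaultdict(int)
    ports = defaultdict(lambda: defaultdict(set))
    for row in csv.DictReader(io.StringIO(export_text)):
        src, dst, port = row.get("src_ip"), row.get("dst_ip"), row.get("dst_port")
        if not (src and dst and port):
            continue  # short or incomplete row
        try:
            if ip_address(src.strip()) not in net:
                continue  # only internal hosts are of interest here
            port_num = int(port)
        except ValueError:
            continue  # skip malformed rows rather than abort the scan
        flows[src.strip()] += 1
        ports[src.strip()][dst.strip()].add(port_num)
    return flows, ports

def find_suspects(export_text, max_flows=1000, max_ports_per_dst=100):
    """Return (src, flows, top_dst, ports_to_top_dst) over either threshold."""
    flows, ports = summarize(export_text)
    suspects = []
    for src, count in flows.items():
        dst, dst_ports = max(ports[src].items(), key=lambda kv: len(kv[1]))
        if count > max_flows or len(dst_ports) > max_ports_per_dst:
            suspects.append((src, count, dst, len(dst_ports)))
    return sorted(suspects, key=lambda s: s[1], reverse=True)

if __name__ == "__main__":
    for src, count, dst, nports in find_suspects(build_sample()):
        print(f"{src}: {count} flows, {nports} ports toward {dst}")
```

Tracking distinct ports per destination separates a host fanning out to one outside IP from a busy but normal machine such as a proxy or mail server, which has many flows spread over few ports.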
 
digitap Commented:
indeed...working another question with the same issue as yours. i've recommended the same steps you've just confirmed so we'll see where it goes. thanks for the extra information. good luck with the virus.
0
 
alnc2004 (Author) Commented:
It was not an ISP or a firewall problem. It was an internal computer that caused our service to go out.
0
Question has a verified solution.
