High Outbound HTTP traffic Blue Coat Packeteer

Last Modified: 2012-08-14
We are using a PacketShaper (Blue Coat) device 135-10014804. We have higher than normal bandwidth going OUT using the HTTP protocol. We have used the IP addresses in the Top Talkers report to identify several machines on our domain that had viruses and have fixed them. However, we noticed that there are quite a few EXTERNAL IP addresses in the TOP TALKERS list. I may be missing something, but if it is OUTBOUND HTTP traffic and we are looking at the TOP TALKERS list... shouldn't all the IP addresses be internal ones to our own network?

Yes, logically there should be only internal IPs. But to be very sure, please paste some of the public IPs that you are seeing and let us know where you are located. We can (you can too) use the list to see where/who owns the IP and can decide whether they are real viruses/trojans/malware or valid ones.

Just enter the IP below and it will show you who the owner is.

http://www.whatismyipaddress.com/ip-lookup

Best,

Author

Commented:
Seems strange: all traffic has reverted back to only internal IPs sending outbound HTTP traffic (top talkers). Yes, we had already done a reverse lookup on the IPs we saw, and one was a data centre provider in the Ukraine and the other was a streaming service. Other than a hacker or virus, I can't see how external IPs would be sending from inside our network. Even if it was a virus or a trojan sending out traffic, surely the originating IP should be one of ours (i.e. the infected machine). The top listeners should give us the culprit site (i.e. the destination of the traffic); however, I would have thought all the talkers should be our IPs.
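As an added example (not part of the original thread, and not PacketShaper code or output), the check discussed above can be run over exported flow records: rank sources by bytes sent and flag any talker that is not an internal host, along with the direction of its flows. The internal prefixes, the CSV layout (src, dst, dst_port, bytes) and the sample records are constructed assumptions.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Assumption: the organisation's internal prefixes; replace with your own.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed flow records: src, dst, dst_port, bytes.
# Hypothetical export format, not taken from any real device.
SAMPLE_FLOWS = """\
10.1.4.23,198.51.100.7,80,48211934
10.1.4.57,203.0.113.40,80,9120033
203.0.113.40,10.1.4.57,51544,220114
198.51.100.7,192.0.2.99,80,77120456
10.1.9.12,203.0.113.40,80,1200
"""


def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def classify(src, dst):
    """Direction of one flow as seen from the internal network."""
    s, d = is_internal(src), is_internal(dst)
    if s and not d:
        return "outbound"
    if d and not s:
        return "inbound"
    return "internal" if s else "external-only"


def top_talkers(flow_text):
    """Bytes sent per source IP, largest first, with the directions seen."""
    sent = defaultdict(int)
    directions = defaultdict(set)
    for src, dst, _port, nbytes in csv.reader(io.StringIO(flow_text)):
        sent[src] += int(nbytes)
        directions[src].add(classify(src, dst))
    return [(ip, total, sorted(directions[ip]))
            for ip, total in sorted(sent.items(), key=lambda kv: -kv[1])]


def unexpected_talkers(flow_text):
    """Talkers outside the internal prefixes: not valid outbound sources."""
    return [row for row in top_talkers(flow_text) if not is_internal(row[0])]
```

A talker flagged `inbound` is the sending end of traffic toward an internal host, while `external-only` means neither endpoint matched the internal prefix list, so the prefix list itself is the first thing to check.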

Author

Commented:
Not a lot of detail was in the answer. It really only told me what I already knew; it made me feel better that someone was agreeing with me, but it wasn't an in-depth response with detailed information to back up the reasons behind the response.