network performance issue - unexplained IP address

We are having an ongoing issue on the network with the email server being blacklisted, and we are looking to try to identify the cause, the suspect being some kind of botnet.

On looking at the network using a protocol analyzer (Colasoft Capsa), the second-highest usage in the network comes from an IP address of 205.234.175.175, which I feel is part of the problem.

Any ideas anyone?
grwallace Asked:

John, Business Consultant (Owner), Commented:
That IP address is coming from within a range controlled by:

CacheNetworks, Inc.
209 W Jackson Blvd
Suite 700
Chicago
IL
60606
United States

DNS Services
+1-877-442-2243
dnsadmin@cachenetworks.com

I suggest you call / email them about the address in question and see if they can assist you. If they have a rogue computer, they should take it down.

.... Thinkpads_User
0

grwallace (Author) Commented:
Thanks for that - I have emailed them and will keep you posted.

In the meantime we are going to try to block it using the firewall.
0
John, Business Consultant (Owner), Commented:
Sounds good and please post back when you know.

.... Thinkpads_User
0

Tony Giangreco Commented:
I've had the same problem with client networks. I suggest checking your logs to see if there is any activity of NDRs or other notifications related to this situation. Send all that info to them after speaking with them on the phone. Email does not always work in the time you expect it to.
0
Craig Beck Commented:
Lots of dodgy stuff hosted at that IP address...

https://www.virustotal.com/en/ip-address/205.234.175.175/information/

I'd just block it at your firewall and forget about it.
0
grwallace (Author) Commented:
Thanks guys - I have blocked it at the firewall.
0
John, Business Consultant (Owner), Commented:
@grwallace - Thanks, and I was happy to help you with this.

... Thinkpads_User
0
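An added example, not part of the original thread: a triage pass over a flow export from the protocol analyzer that lists which internal hosts exchange traffic with 205.234.175.175 and which hosts other than the mail server send directly to external port 25, a common reason a shared public address ends up on a blacklist. The CSV layout, the LAN range, the mail server address and all sample rows are constructed assumptions; it goes slightly beyond the thread by adding the port 25 check.

```python
import csv
import io
from collections import defaultdict
from ipaddress import ip_address, ip_network

SUSPECT_IP = "205.234.175.175"               # address reported in the thread
MAIL_SERVER = "192.168.1.10"                 # assumption: the site's mail server
INTERNAL_NET = ip_network("192.168.1.0/24")  # assumption: the LAN range

# Constructed sample export (src, dst, dst_port, bytes); not real capture data.
SAMPLE_FLOWS = """src,dst,dst_port,bytes
192.168.1.10,203.0.113.25,25,48211
192.168.1.37,205.234.175.175,80,912344
192.168.1.37,198.51.100.7,25,15230
192.168.1.37,198.51.100.9,25,14876
192.168.1.52,205.234.175.175,80,20480
205.234.175.175,192.168.1.37,51514,3300121
192.168.1.52,192.168.1.10,25,2048
"""

def load_flows(text):
    """Parse the CSV export into dicts with integer port and byte fields."""
    return [{**r, "dst_port": int(r["dst_port"]), "bytes": int(r["bytes"])}
            for r in csv.DictReader(io.StringIO(text))]

def hosts_talking_to(flows, remote_ip):
    """Total bytes exchanged with remote_ip per local peer, largest first."""
    totals = defaultdict(int)
    for f in flows:
        if f["dst"] == remote_ip:
            totals[f["src"]] += f["bytes"]
        elif f["src"] == remote_ip:
            totals[f["dst"]] += f["bytes"]
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)

def direct_smtp_senders(flows, mail_server, internal_net):
    """Internal hosts other than the mail server sending to external port 25."""
    hits = defaultdict(set)
    for f in flows:
        if (f["dst_port"] == 25 and f["src"] != mail_server
                and ip_address(f["src"]) in internal_net
                and ip_address(f["dst"]) not in internal_net):
            hits[f["src"]].add(f["dst"])
    return {src: sorted(dsts) for src, dsts in hits.items()}

if __name__ == "__main__":
    flows = load_flows(SAMPLE_FLOWS)
    print(hosts_talking_to(flows, SUSPECT_IP))
    print(direct_smtp_senders(flows, MAIL_SERVER, INTERNAL_NET))
```

A host that appears in both results is the first machine to inspect; blocking the remote address at the firewall does not clean that host.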