Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

suspicious activity on our network.  Bandwidth usage very high

Posted on 2014-10-17
8
Medium Priority
?
391 Views
Last Modified: 2015-06-11
I use a product called Untangle and it has a bandwidth monitor.  However, I'm not clear on what it is displaying.  See attachment.  The first IP is Comcast.  The second I couldn't find.  Should I block them both?  Should I be concerned?
Any advice would be appreciate.
bandwidth.jpg
0
Comment
Question by:J.R. Sitman
8 Comments
 
LVL 3

Expert Comment

by:Soufiane Adil, Ph.D
ID: 40387721
Hi

I had the same issues with some users in my organisation, but I'm using Fortinet to check which user ip address is consuming more bandwidth than usual and I always block the destination ip address.

Sou
0
 

Author Comment

by:J.R. Sitman
ID: 40387786
Block the 192?
0
 
LVL 12

Accepted Solution

by:
DarinTCH earned 2000 total points
ID: 40387832
he was indicating if the traffic was outbound....
looks like u meant inbound

you can check the ip and ports

ip = comcast
ports some are realistic...exchange active synch

when in doubt tho block the foreign address and see what happens
could be malware on you network that reaches out and is getting return traffic
0
The IT Degree for Career Advancement

Earn your B.S. in Network Operations and Security and become a network and IT security expert. This WGU degree program curriculum was designed with tech-savvy, self-motivated students in mind – allowing you to use your technical expertise, to address real-world business problems.

 

Author Comment

by:J.R. Sitman
ID: 40387834
do you think someone was watching comcast at work
0
 
LVL 12

Expert Comment

by:DarinTCH
ID: 40387894
i access comcast a lot ...even work or anywhere
it is my email provider...
and sometimes i get caught in looking at the news if I have time

usually they are decent and they do spend a lot of resources making sure the traffic is relatively clean

monitor the situation and see what else transpires.....
it is always a good idea to have a baseline anyway and know whats running on your network

the more time you spend with some networking tools
or looking at the firewall or router - you'll have a better handle on whats 'normal'

and then it a tad easier to spot odd traffic

the newer firewalls - NGFW - Next generation Firewalls are specifically designed to identify the applications running on our network by looking at all the traffic and then letting us know what it is - s we can control it

like  a Palo Alto - beware they are not super cheap...lol ... but very good
0
 
LVL 6

Expert Comment

by:Wylie Bayes
ID: 40387903
If you research the port number, 9600, it comes back as "MICROMUSE-NCPW."  A quick search of MicroMuse comes up with: http://en.wikipedia.org/wiki/MicroMUSE 

It is an online Role-playing game of some kind.  So one of your users seems to have a lot of time on their hands at work, enough time to play role playing games ;-).

Though it's extremely old... It still seems to be around via: http://www.mudconnect.com/mud-bin/adv_search.cgi?Mode=MUD&mud=MicroMUSE 

Hope this helps.
0
 

Author Comment

by:J.R. Sitman
ID: 40387938
Any suggestions on how I determine which computer is accessing Comcast?
0
 

Author Closing Comment

by:J.R. Sitman
ID: 40825565
Thanks, I blocked it.
0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
Last month Marc Laliberte, WatchGuard’s Senior Threat Analyst, contributed reviewed the three major email authentication anti-phishing technology standards: SPF, DKIM, and DMARC. Learn more in part 2 of the series originally posted in Cyber Defense …
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question