Internal network traffic !

indyguyindyguy Member Posts: 34 ■■□□□□□□□□
Guys,

Im just wondering if anyone can help me out here...

Our network utilisation is almost hitting 100% without any users logged on to the network.
i see that the traffic is coming from this Limelightnetworks
15:18:18.774717 IP 192.168.3.113.53155 > cds11.ams9.llnw.net.www: . ack 2880 win 65535
15:18:18.778859 IP cds11.ams9.llnw.net.www > 192.168.3.113.53155: . 2880:4320(1440) ack 1 win 65535

I have this string of Ip address for all my users, I understand that this is some sort of a spider, an the site i work at doesnt host our web server- so how is it possible that our internal network can get flooded with this spider.
and could anyone advice me how to get rid of this ****.

Thanks in advance!!

Comments

  • darkerosxxdarkerosxx Banned Posts: 1,343
    Do you have a lot of computers on the internal network and on the subnet you're seeing the traffic on?
  • WanBoy67WanBoy67 Member Posts: 225
    How do computers get out on to the net? Gateway, Proxy?

    Sounds like a laptop plugged in somewhere using limewire, check your switch for a flashing light and trace it back to the patch, then from the patch to said device. Someone's in trouble.
    Yes we can, yes we can...
  • tierstentiersten Member Posts: 4,505
    You really should reuse one of your other threads that you started about this topic instead of making another one. Anyway...

    It is the other way around. 192.168.3.113 is connecting to the HTTP service on cds11.ams9.llnw.net. Limelight Networks is a CDN and a site/service is using them to provide hosting for something. The high port number is normal and a part of how TCP is usually implemented. Go check 192.168.3.113 to see why it is making so many connections.
  • tierstentiersten Member Posts: 4,505
    WanBoy67 wrote: »
    Sounds like a laptop plugged in somewhere using limewire
    No. Limelight Networks isn't Limewire. They are a CDN like Akamai.
  • rwwest7rwwest7 Member Posts: 300
    Find out the MAC address for 192.168.3.113, then create a DHCP reservation for it to always get that address. Then create a rule to not allow that IP address out to the internet. Wait for someone to complain their internet has stopped working, take a few days to scan the hell out of their machine and warn them about mis-using the network.
Sign In or Register to comment.