Options
Internal network traffic !
Guys,
Im just wondering if anyone can help me out here...
Our network utilisation is almost hitting 100% without any users logged on to the network.
i see that the traffic is coming from this Limelightnetworks
15:18:18.774717 IP 192.168.3.113.53155 > cds11.ams9.llnw.net.www: . ack 2880 win 65535
15:18:18.778859 IP cds11.ams9.llnw.net.www > 192.168.3.113.53155: . 2880:4320(1440) ack 1 win 65535
I have this string of Ip address for all my users, I understand that this is some sort of a spider, an the site i work at doesnt host our web server- so how is it possible that our internal network can get flooded with this spider.
and could anyone advice me how to get rid of this ****.
Thanks in advance!!
Im just wondering if anyone can help me out here...
Our network utilisation is almost hitting 100% without any users logged on to the network.
i see that the traffic is coming from this Limelightnetworks
15:18:18.774717 IP 192.168.3.113.53155 > cds11.ams9.llnw.net.www: . ack 2880 win 65535
15:18:18.778859 IP cds11.ams9.llnw.net.www > 192.168.3.113.53155: . 2880:4320(1440) ack 1 win 65535
I have this string of Ip address for all my users, I understand that this is some sort of a spider, an the site i work at doesnt host our web server- so how is it possible that our internal network can get flooded with this spider.
and could anyone advice me how to get rid of this ****.
Thanks in advance!!
Comments
-
Options
darkerosxx
Banned Posts: 1,343
Do you have a lot of computers on the internal network and on the subnet you're seeing the traffic on? -
Options
WanBoy67
Member Posts: 225
How do computers get out on to the net? Gateway, Proxy?
Sounds like a laptop plugged in somewhere using limewire, check your switch for a flashing light and trace it back to the patch, then from the patch to said device. Someone's in trouble.Yes we can, yes we can... -
Options
tiersten
Member Posts: 4,505
You really should reuse one of your other threads that you started about this topic instead of making another one. Anyway...
It is the other way around. 192.168.3.113 is connecting to the HTTP service on cds11.ams9.llnw.net. Limelight Networks is a CDN and a site/service is using them to provide hosting for something. The high port number is normal and a part of how TCP is usually implemented. Go check 192.168.3.113 to see why it is making so many connections. -
Optionstiersten
Member Posts: 4,505
No. Limelight Networks isn't Limewire. They are a CDN like Akamai.Sounds like a laptop plugged in somewhere using limewire -
Optionsrwwest7
Member Posts: 300
Find out the MAC address for 192.168.3.113, then create a DHCP reservation for it to always get that address. Then create a rule to not allow that IP address out to the internet. Wait for someone to complain their internet has stopped working, take a few days to scan the hell out of their machine and warn them about mis-using the network.