Announcement

Collapse
No announcement yet.

Network Performance/Security Woes

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Network Performance/Security Woes

    <CN>
    3Mbit connection sucking - possible infestation - any ideas on how to help?
    </CN>

    <novel>
    So my 3Mbit connection has ***** the bed this week. I called up my provider to see if there was something going on on their side (ice storm up here this week took out power for a couple days, so I was hoping it was just downed lines or something), but they said all was good. However, on all the computers on my network, I'm getting dropped connections, way slow performance (took me about 5 minutes to get to OT from the main site), and sometimes no connection at all (even the WAN IP on my router drops out). Even just running a ping will show high times and drops (see the attached output file).

    I typically run a Bit Torrent client, an FTP server when tranferring files to/from friends, VOIP phone, Web, and IM. Talking with the tech, the first thing he told me is that my 3Mbit connection isn't enough for all that I've been running this type of setup for years on other providers (I've used AT&T, Comcast, RCN, Verizon DSL, and now Charter which sucks). This issue can't be all my fault. Even when everything was running smoothly, I'd have to stop any downloads in order to use my VOIP which should take only 200k bandwith.

    Anyways, while talking with the tech, he had me run some ping's, netstat -a, and tracert's to see if anything was up on my end. My netstat was showing a BUNCH of open ports (see attached). Does anyone have any recommendation of a good freeware port scanner/monitor that might tell me what app is using what ports?

    Also, this issue seems to be network wide. Is it possible I've got some type of virus/worm/adware that has installed itself over the network or even worse, on the network (like in the router)? Any recommendations of what I can run to try to clean out something like this? (I've got Symantec AntiVirus Corporate, Check Point Integrity firewall, and Ad-Aware SE Personal, Build 1.06r1 installed currently.) What kind of software can scan a whole Windows workgroup network?

    Any ideas would be appreciated. I can't even download half-meg files at times - it'll start up and then drop to 0.2k and just hang. Sometimes it even crashes whatever client is trying to download. Help!! And Thanks!

    </novel>
    Attached Files

    CarPC v2.5 up and running - all hardware installed, skin configured, and iG tweaked like crazy. Now for OBD-II, and voice control, and camera plugin, and... :nutz: - it never ends!

  • #2
    I like peerguardian

    Have you tried directly plugging the uplink to your computer to see if you get the same results? Your router/switch could be bad.
    2002 Acura RSX CarPC Worklog
    Current CarPC Expenses

    Comment


    • #3
      If you have windows PCs make sure you have anti spy ware
      like "Ad Aware" or "Spybot - Search & Destroy" or "Spy Ware Blaster"

      and good anti virus like "AVG" or "Avast"

      "Process Explorer" can show you whats running

      "Autoruns" can disable junk

      "Hijack This" or "Rootkit Buster" or "RootKit Hook Analyzer"
      or "Rootkit Revealer" can help with root kits

      "Angry IP Scanner" and "Active Ports" and "Current Ports"
      are good network tools

      "Ethereal" will tell you every thing thats going on in your network


      Go to Portableapps.com for a lot of the programs above made to run
      on a flash/thumb drive

      Hope this helps

      If you have a good router - set up the proper way - your other boxes
      dont need firewalls, because your router is the firewall,

      you could try some on line firewall tests, like

      http://www.hackerwatch.org/probe/

      or

      https://www.grc.com/x/ne.dll?bh0bkyd2


      And like what was said, maybe you router is bad - or needs a reset, make
      sure to check it after the reset - in case it goes back to defalut

      Comment


      • #4
        ^^ Now that's what I'm talking about! I knew I could count on this forum for some help with this issue.

        I took a look at my system with Process Explorer and some port viewer on the Sysinternals site and nothing looks out of the ordinary. (Took me a while to download these programs because the damn network kept timing out.) I'm just having trouble trying to figure out where the issue lie. I don't think it's the PC, because I've seen it on two brand new installs. One of those new installs I hooked directly to the modem. Problem is, I can't prove anything to my provider (who provides the modem) because everytime I run a tracert everything looks fine to them - any other timeouts are out on the internet (which they obviously can't control).

        I'll try pouring over the open ports and watch with Ethereal or Wireshark, and try to get some captures of issues while connected directly. Maybe I can at least provide enough of a case to get a replacement modem, and then I can replace my router and see if that clears up the issue.

        Damn these things are hard to track down...

        Also, does anyone know of any type of infection that could attack my router? As if it got into the router's memory? How could I scan that? Anything that could attack the modem in a similar fashion?

        CarPC v2.5 up and running - all hardware installed, skin configured, and iG tweaked like crazy. Now for OBD-II, and voice control, and camera plugin, and... :nutz: - it never ends!

        Comment


        • #5
          I had a similar situation where machines kept getting flooded off the network.

          Turns out it was a chatty NIC. When that was replaced, all was good.

          Chick all the NICs on your network.
          Have you looked in the FAQ yet?
          How about the Wiki?



          Under normal circumstances, a signature would go here.

          Comment


          • #6
            we've had something similar at work, brought the entire site to a crawl, completely flooding out switches (4.7 Million packets per second) and 1GB backbones.

            turns out someone had made a feeback loop with a unmanaged desktop switch, every port was on constant with broadcasts, unplugged it and everything went quiet. check what the activity on yopur network is like, start disconnecting switches untill traffic drops, when it goes quite the switch you just unplugged is where the traffics coming from, then start unplugging ports on that untill you find the culprit.
            Audio: Alpine PXA-H700 DSP, Rockford Fosgate Punch P4004 amp, P152S Comps and Alpine SWR-1242D Sub
            PC: BU-303, SB Audigy 2 ZS, Jetway 1.5Ghz, Cubid case, M2-ATX PSU, New 700tsv
            Toys:K8055 relay board, Elmscan OBDII

            Type-R Mini

            Comment


            • #7
              ^^ The past two posts are good ideas - I'll look into it, but it's only a home network, so there's at most 5 PC's on at once and there are no switches.

              I'll try using one PC at a time to narrow down the NIC's and see where it goes. I still feel like I'm on a wild goose chase with this issue

              CarPC v2.5 up and running - all hardware installed, skin configured, and iG tweaked like crazy. Now for OBD-II, and voice control, and camera plugin, and... :nutz: - it never ends!

              Comment


              • #8
                I have heard of instances where service providers run scans accross ports to make sure their customers are not running server software (FTP/Web Servers etc.) and shut them down. I would try taking all your computers down except for one (that you don't do anything with) / reset your router&modem and see if that solves your issue. At least this might help you identify if there is an issue on one of the computers or if it is a network/provider issue. If you are using a wireless router, make sure everything is locked down.
                Joel Konecny
                Digimoto OBDII Diagnostics

                Comment


                • #9
                  Try some of the options for netstat: "netstat -b" is a good start. If you don't recognize the .exe, run a search on google to find out what it really is. If you want to see all the available options, try "netstat /?"

                  My ping to mp3car.com was similar to what you got, so I wouldn't worry about that.

                  You can shut down all your services and run a connection speed test at www.dslreports.com

                  Also, try rebooting your router. I've had experiences where if I ran speeds above a few hundred kbps the (netgear) router just crapped out, and I've had experiences with routers starting to run slowly if they've been on for a long time or if they get hot. One time I actually had to reset it to its factory defaults before it sped up.

                  Good luck!
                  Old plans out the window because of an accident .
                  Have: M1-ATX, EPIA M10000, 256MB, 60GB 2.5", slim slot load DVD
                  Need: Time, HU integration, ideas for Lilli

                  Comment


                  • #10
                    Oh! Look at your network cables too, if they're crimped that can really mess things up.

                    Edit: I keep thinking of new things but don't want to triple-post
                    http://www.snort.org/ - I haven't used it myself, but if you have a spare computer it can really do a lot.
                    Old plans out the window because of an accident .
                    Have: M1-ATX, EPIA M10000, 256MB, 60GB 2.5", slim slot load DVD
                    Need: Time, HU integration, ideas for Lilli

                    Comment


                    • #11
                      @RPI Geek:

                      OT, but did you ever read the PM I sent you on 1/17? I still have it if you want one.

                      -Elliot
                      2002 Acura RSX CarPC Worklog
                      Current CarPC Expenses

                      Comment


                      • #12
                        So almost a month later, it turns out the issue was some old/bad RG-59 coax. Finally got someone out to look at the system, and they looked at the signal strength and it was crap - fine for cable television on the lower channels, but crap for internet on the higher channels. We replaced a ~150' length of RG-59 with some new RG-6, and it cleared up the issue considerably. Still not perfect, but I've got a few more lengths of RG-59 to replace in the system. The cable coming from the street isn't the newest either (and it's pretty long - that'll be next).

                        Thanks anyway for all the ideas and help. Something must have happened to the signal levels (dropped) on the provider's end which caused the current wiring to no longer be up to snuff. Damn provider...

                        CarPC v2.5 up and running - all hardware installed, skin configured, and iG tweaked like crazy. Now for OBD-II, and voice control, and camera plugin, and... :nutz: - it never ends!

                        Comment


                        • #13
                          I was close!
                          Old plans out the window because of an accident .
                          Have: M1-ATX, EPIA M10000, 256MB, 60GB 2.5", slim slot load DVD
                          Need: Time, HU integration, ideas for Lilli

                          Comment

                          Working...
                          X