Posted by Warren Machanik on August 23, 2008, 3:22 am
Took a while to come back to the forum. I had a business to run and have not
had the time to try and troubleshoot. We identified the PC that was causing
most of the problem; we are not sure if we have solved the problem since we
systematically disable it from the network. I have performed spyware scans
and updated virus definitions and examined the startup and removed anything
that was suspicious.
I am interested in this DNS thing since I am having a problem which may be
related: the first time I look for a web site it does not load, then you
press enter on the browser and it loads. Sure it is DNS
--
Warren - All limits are man made
"Dan" wrote:
> Good Reply. My work network is seeing unusual activity as well due to DNS
> Pollution issues.
>
> "S. Pidgorny <MVP>" wrote:
>
> > Looks like something generates a lot of traffic to your WAN
> > interface/iBurst.
> >
> > First, you need to find a way to measure traffic through the external interface
> > of your SBS server.
> > I suggest running a combination of perfmon.exe (with Network Interface
> > counters) and commands like "netstat -e". The ultimate approach is to run a
> > network capture (using Microsoft Netmon or Wireshark) for 15-30 minutes to
> > see how much traffic is generated and where to/from. Capturing on internal
> > interface will show what workstations are generating most traffic. Wireshark
> > has quite nice analysis tools, very user-friendly.
> >
> > Then - do elimination.
> > Shut down the new DNS update service and see if that makes any difference.
> > Shut down one of the workstations and see if that makes difference. Repeat
> > with the other workstations.
> >
> > The worst thing is that the traffic may be generated externally, discarded
> > by your systems and still appearing on your bill. In that case you might not
> > see intensive traffic generated by either workstation or the server.
> >
> > --
> > Svyatoslav Pidgorny, MS MVP - Security, MCSE
> > -= F1 is the key =-
> >
> > * http://sl.mvps.org * http://msmvps.com/blogs/sp *
> >
> >
> > > I have a small network 2xXP machines, 1xVista and 1xSmall Business Server
> > > 2003. It may be coincidence but recently (in the last 3 weeks) two things
> > > occurred on my network. My old DDNS service DirectUpdate stopped working
> > > after a security fix was applied, so I replaced it with another. Two, I
> > > upgraded one computer to Vista.
> > >
> > > And about a week after noticed I was chewing bandwidth, around 1GB of
> > > bandwidth a day.
> > >
> > > I have run TCPView on the one PC and on the Small Business Server, which is
> > > acting as a router to the external world (connected using an IBurst router
> > > on an external LAN, not running ISA, just the default Firewall in SBS2003)
> > >
> > > I have tried checking for spyware, and run all the updates but I cannot
> > > find where I am bleeding bandwidth (and I only get 3GB a month). Any ideas
> > > how to troubleshoot?
> > > --
> > > Warren - All limits are man made
> >
> >
> >
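
The capture-and-eliminate step suggested in the quoted reply, as an added example that is not part of the thread: a Python script that totals WAN-bound bytes per LAN host from a capture exported from Wireshark as CSV, and separately counts bytes with no LAN endpoint (the server's own or externally generated traffic). The sample rows, the 192.168.16.0/24 LAN range and the function names are constructed assumptions.

```python
import csv
import io
import ipaddress
from collections import Counter

# Constructed sample in the column layout of Wireshark's CSV packet export.
# Addresses use private/documentation ranges; none come from the thread.
SAMPLE_CSV = '''"No.","Time","Source","Destination","Protocol","Length","Info"
"1","0.000","192.168.16.11","198.51.100.7","TCP","1514","upload segment"
"2","0.400","192.168.16.11","198.51.100.7","TCP","1514","upload segment"
"3","1.000","198.51.100.7","192.168.16.11","TCP","60","ACK"
"4","2.000","192.168.16.12","203.0.113.5","DNS","80","Standard query"
"5","2.500","Dell_aa:bb:cc","Broadcast","ARP","42","Who has 192.168.16.2?"
"6","3.000","192.168.16.12","192.168.16.2","SMB","200","LAN only"
"7","9.000","203.0.113.99","203.0.113.20","UDP","500","unsolicited inbound"
'''

def wan_bytes_by_host(csv_text, lan_cidr):
    """Return (WAN bytes per LAN host, bytes with no LAN endpoint, capture seconds)."""
    lan = ipaddress.ip_network(lan_cidr)
    per_host, unattributed, duration = Counter(), 0, 0.0
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            src = ipaddress.ip_address(row["Source"])
            dst = ipaddress.ip_address(row["Destination"])
            length = int(row["Length"])
            duration = max(duration, float(row["Time"]))
        except (KeyError, TypeError, ValueError):
            continue  # ARP and other rows without IP endpoints
        if src in lan and dst in lan:
            continue  # stays on the LAN, never crosses the WAN link
        if src in lan:
            per_host[str(src)] += length
        elif dst in lan:
            per_host[str(dst)] += length
        else:
            unattributed += length  # server's own WAN traffic or external noise
    return per_host, unattributed, duration

def gb_per_day(byte_count, seconds):
    """Scale a short capture to a daily figure for comparison with the bill."""
    return byte_count * 86400 / seconds / 1e9

if __name__ == "__main__":
    hosts, other, secs = wan_bytes_by_host(SAMPLE_CSV, "192.168.16.0/24")
    for host, n in hosts.most_common():
        print(f"{host:15} {n:7d} B  ~{gb_per_day(n, secs):.3f} GB/day")
    print(f"{'no LAN endpoint':15} {other:7d} B  ~{gb_per_day(other, secs):.3f} GB/day")
```

A large "no LAN endpoint" total on an external-interface capture matches the case in the reply where traffic is generated externally and no workstation stands out.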