Office Internet Connection intermittently going down

[BadBoy House]

For the past couple of days our office internet connection has been
intermittently going down.

It goes off for say 4 or 5 minutes then comes back on of it's own
accord.

I've verified all of our systems to make sure that none are infected
with any viruses. In addition to this when the connection goes down I
cannot ping any websites via their IP addresses so I dont believe it
is a DNS issue. BT have also confirmed there are no problems their
end.

The internet is shared throughout the office via our webserver (win2k
nat) which connects to our bt router.


Any ideas as to what might be causing the prob? It doesnt make it
easy when it comes back online on it's own.

Thanks in advance.


www.badboyhouse.co.uk

 

[Phillip Windell]

The ISP is the first place to look/ask,...particularly if this is a DSL or
CableTV connection that uses PPPoE. Your best bet there is to get rid of PPPoE
as fast as possible,..even if that means finding a different ISP.

If you can't get rid of the PPPoE, then stop sharing the connection with the
server and change the server to a single Nic. Use a Broadband Device that is
designed to work efficiantly with PPPoE to "share" the Internet connection.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft, or
anyone else associated with me, including my cats.

 

[BadBoy House]

Ok I've been doing some more work on trying to figure this out today.

Some interesting findings, I'm keen to hear what you think

1. When the internet goes down you cannot ping or tracert anything
from any computer on the network.

2. If I unplug the webserver (win2k nat box) from the BT router and
instead connect a spare laptop with the same ip details etc the
internet works fine from the laptop. no problems at all.

3. When the internet seemingly goes down the WAN and LANT lights on
the router flash like mad. The LANR light stays off. The LANT light
flashes when it's receiving traffic from a computer connected (the
webserver in our case).

4. When the internet went down I ran ethereal on the External network
card of the webserver and it showed literally thousands of UDP packets
being sent from the external network card to an ip address on the
internet (59.34.196.249 each time). The source port differed each time
- 4236,4295,4310 and so on - always either a 42 or 43 start to the
port number. The destination port was either 7204 or 7201 each time.

I also monitored the Internal network card on the webserver (win2k nat
box) but that was'nt getting any of the above mentioned traffic.

So, based on all the above my assumptions are as follows:

- The problem is not BT or the router. It is in fact my problem and my
kit.

- The router is receiving an unusually large amount of traffic/packets
from the webserver connected to it.

- It isnt a workstation on the network causing the traffic because the
ethereal logs didn't pick up any of the rogue traffic above for the
internal network card.

and so based on these assumptions it must be something on the
webserver (virus, spyware, malware) that's causing the excess traffic
- most probably mass mailings or ddos attacks. the internet isnt
actually going off, it's simply being overloaded by the enormous
amount of traffic being sent to the router.



Panda WebAdmin which runs on all of the computers including the
webserver is reporting no viruses and is updated hourly.

I've left the Microsoft malware program running and will see it on
monday.


Thanks for any input
__________________
WWW.BADBOYHOUSE.CO.UK

XBOX LIVE'S BADBOY HOUSE