Sudden unexplained download traffic from our ISP is making i
Posted: Sat Apr 05, 2014 2:04 pm
I've just joined the Gargoyle community following a week of struggling to understand this problem.
We are a church, 800 or so members, in the UK. In our office and visitor centre we have a business broadband account, with a fixed IP, and a network with Microsoft Small Business Server 2011, 4 desktop PCs, 2 of which are powered up 24x7. We also have up to 8 WiFi users with laptops, tablets, phones etc. The connection is ADSL, and usually registers 4-5 Mbps for downloads. We have a Netgear ADSL modem, and a Netgear SRXN3205 router, both of which have been operating perfectly for 4 years or so. Also a Talkswitch phone system, managing 2 PSTN lines, with IP handsets, one of these remote, connecting over the internet.
I noticed at the beginning of the week that the ADSL 'activity' light on the modem was flashing rapidly, regardless of user activity. I've checked all our computers for malware, rootkits, etc., and they appear to be clean. Checking our usage with the ISP, we are 'downloading' up to 9Gb daily. This makes no sense at all.
I have used Wireshark to log network traffic, and can't see anything unusual. The packet capture rate in Wireshark is sometimes rapid; sometimes there are pauses in packets arriving. The rate of flashing on the modem activity light is rapid and constant.
The usage profile provided by our ISP includes approximately equal amounts of 'Download' and 'Broadband phonecall' traffic. And if I disconnect the router from the ADSL modem, the activity flashing continues.
Can anyone suggest any explanation of this problem? Is it some sort of DDoS attack, or some scanner that has latched on to our IP address and is bombarding us with traffic? And would trying a Gargoyle router help?