
Office Internet Connection intermittently going down

Discussion in 'Networking (Hardware & Software)' started by BadBoy House, 2007/05/31.

Thread Status:
Not open for further replies.
  1. 2007/05/31
    BadBoy House

    For the past couple of days our office internet connection has been intermittently going down.

    It goes off for say 4 or 5 minutes then comes back on of its own accord.

    I've verified all of our systems to make sure that none are infected with any viruses. In addition to this when the connection goes down I cannot ping any websites via their IP addresses so I don't believe it is a DNS issue. BT have also confirmed there are no problems their end.

    The internet is shared throughout the office via our webserver (win2k NAT) which connects to our BT router.


    Any ideas as to what might be causing the prob? It doesn't make it easy when it comes back online on its own.

    Thanks in advance.
     
  2. 2007/05/31
    ReggieB

    The first test is to see if the problem is inside your network or on your ISP network. Never take BT's word for it when they say that it isn't their system. They rarely admit it is, and often it is.

    So first thing to do is use TRACERT to determine where things are going wrong. Try this at a command prompt while you are having problems connecting:
    Code:
    tracert 216.239.59.99
    If the resulting trace gets beyond your router and fails to get to the destination then the problem is at the BT end.

    If the trace has problems getting beyond your router or you get all the way to the destination (a google UK webserver), you probably have a problem inside your network. Use NSLOOKUP to see if that can tell you what the problem is:
    Code:
    nslookup www.google.co.uk
     


  4. 2007/06/01
    BadBoy House

    Cheers Reggie.

    The internet was down again when I arrived for work today.

    Instead of rebooting our webserver I instead switched off the BT router then switched it back on again.

    After a few minutes the internet came back on which would suggest the problem is BT's and not mine.
     
  5. 2007/06/01
    ReggieB

    It could be a router fault. Do BT manage the router or have they just supplied it? If the latter, you will probably have to replace the router yourself if it is faulty.

    I still recommend you try that TRACERT. I've seen problems before where the fault is with the BT device the router connects to over the broadband. Rebooting the router resets that connection, either giving the remote device a kick that sorts it out for a while, or connecting to an alternative device that is not faulty.

    If you are to get the best support from BT, you need to determine where the fault is.
     
  6. 2007/06/01
    BadBoy House

    Ok I've been doing some more work on trying to figure this out today.

    Some interesting findings, I'm keen to hear what you think.

    1. When the internet goes down you cannot ping or tracert anything from any computer on the network.

    2. If I unplug the webserver (win2k NAT box) from the BT router and instead connect a spare laptop with the same IP details etc the internet works fine from the laptop. No problems at all.

    3. When the internet seemingly goes down the WAN and LANT lights on the router flash like mad. The LANR light stays off. The LANT light flashes when it's receiving traffic from a computer connected (the webserver in our case).

    4. When the internet went down I ran Ethereal on the external network card of the webserver and it showed literally thousands of UDP packets being sent from the external network card to an IP address on the internet (59.34.196.249 each time). The source port differed each time - 4236, 4295, 4310 and so on - always either a 42 or 43 start to the port number. The destination port was either 7204 or 7201 each time.

    I also monitored the internal network card on the webserver (win2k NAT box) but that wasn't getting any of the above mentioned traffic.

    So, based on all the above my assumptions are as follows:

    - The problem is not BT or the router. It is in fact my problem and my kit.

    - The router is receiving an unusually large amount of traffic/packets from the webserver connected to it.

    - It isn't a workstation on the network causing the traffic because the Ethereal logs didn't pick up any of the rogue traffic above for the internal network card.

    And so based on these assumptions it must be something on the webserver (virus, spyware, malware) that's causing the excess traffic - most probably mass mailings or DDoS attacks. The internet isn't actually going off, it's simply being overloaded by the enormous amount of traffic being sent to the router.



    Panda WebAdmin which runs on all of the computers including the webserver is reporting no viruses and is updated hourly.

    I've left the Microsoft malware program running and will see it on Monday.

    I'm also concerned that if I format and reinstall Windows on the system the problem could just as easily come back. How would I prevent this?


    Thanks for any input
     
    Last edited: 2007/06/01
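
The two-interface comparison described in the post above, as an added example that is not part of the original thread: it counts UDP packets per destination on the external NIC and checks whether the same destination ever appears on the internal NIC. The record layout, the interface labels, the threshold and the 192.168.1.2 / 10.0.0.x addresses are assumptions; the sample records are constructed to mirror the figures in the post.

```python
from collections import Counter, defaultdict

# Record layout (assumed): (interface, proto, src_ip, src_port, dst_ip, dst_port)

def build_sample():
    """Constructed records modelled on the post, not a real capture."""
    nat_ext = "192.168.1.2"  # assumed address of the NAT box's external NIC
    rows = [("external", "UDP", nat_ext, 4200 + i % 200, "59.34.196.249",
             7201 if i % 2 else 7204) for i in range(3000)]
    # Ordinary browsing: seen on the internal NIC, then NATed out the external one.
    for i in range(40):
        rows.append(("internal", "TCP", "10.0.0.%d" % (10 + i % 5),
                     50000 + i, "216.239.59.99", 80))
        rows.append(("external", "TCP", nat_ext, 60000 + i, "216.239.59.99", 80))
    return rows

def locate_floods(records, threshold=1000):
    """Flag UDP destinations flooded via the external NIC and attribute the origin."""
    per_dst = Counter()
    ports = defaultdict(set)
    internal_udp_dsts = set()
    for iface, proto, _src, _sport, dst, dport in records:
        if proto != "UDP":
            continue
        if iface == "external":
            per_dst[dst] += 1
            ports[dst].add(dport)
        elif iface == "internal":
            internal_udp_dsts.add(dst)
    verdicts = {}
    for dst, n in per_dst.items():
        if n < threshold:
            continue
        # Same destination on the internal NIC means a LAN host is being NATed;
        # absence means the packets originate on the NAT box itself.
        origin = ("lan-host-behind-nat" if dst in internal_udp_dsts
                  else "nat-box-itself")
        verdicts[dst] = {"packets": n, "dst_ports": sorted(ports[dst]),
                         "origin": origin}
    return verdicts

if __name__ == "__main__":
    for dst, verdict in locate_floods(build_sample()).items():
        print(dst, verdict)
```
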
  7. 2007/06/02
    ReggieB

    Nice bit of diagnosis Badboy. I agree - this looks like malware to me too.

    I've copied the thread over to the Spyware and Virus forum, where some of the experts in that area can give it a once-over. Click here to see the new thread.

    As this no longer looks like a network problem, I am closing this thread. PM me if you want it reopened.
     