Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Bandwidth Usage Question

Status
Not open for further replies.
shannanl

shannanl

IS-IT--Management
Apr 24, 2003
1,071
US
This is a little off the Win 2K server realm but I can't find a forum that meets the question. I have a 2K server running Mcafee firewall. The firewall logs show some bandwidth usage that is not from any i.p. in our scheme.

1 192.168.0.15 32.360
2 192.168.0.212 27.787
3 192.168.0.33 14.692
4 192.168.0.96 12.836
5 216.170.230.82 11.578
6 192.168.0.35 8.025
7 192.168.0.103 6.397
8 65.54.251.14 6.101
9 204.127.203.212 5.762
10 192.168.0.109 5.614

Item # 5 and 9 are not in our scheme. How can this be? Is someone hacking us?

Thanks in advance for the help.

Shannan
 
Sort by date Sort by votes
204.127.203.212 resolves to: sccmmhc92.asp.att.net
216.170.230.82 resolves to: mta02.mail.tds.net

Do either of these hostnames ring a bell?

I notice these two IP's are internet legal IP's and I can ping them from my machine fine - however all your 192.168.*.* addresses are Class C internal IP's.

I highly doubt someone is hacking you... more your just seeing many of the millions of port-scans etc that go round the internet everyday looking for open machines.

How do you connect to the internet? If its through a router check your 'port-forwarding' or 'virual server' settings to check your not forwarding anthing from the internet to your server.

Robert Bentley

SynergyworksHosting.co.uk
"reliable services at realistic prices
 
Upvote 0 Downvote
No we only use the private i.p.s. I have no idea who these could be. What is strange to me is the bandwidth usage. Item #5 shows 11.578 megs of bandwidth usage! We do not use a router. We have cable modem.

Thanks,

Shannan
 
Upvote 0 Downvote
Those two IP's are from machines on the internet.

Robert Bentley

SynergyworksHosting.co.uk
"reliable services at realistic prices
 
Upvote 0 Downvote
Robert,

How could they be using our bandwidth?

Thanks,

Shannan
 
Upvote 0 Downvote
Are you able to determine the port number from your firewall? That would be a big key in finding what it is.

Robert Bentley

SynergyworksHosting.co.uk
"reliable services at realistic prices
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

edgar28
  • Locked
  • Question
Question on Network cards - Windows Server 2019
Replies
1
Views
281
DrB0b
DrB0b
DrB0b
  • Locked
  • Question
HyperV Virtual Switch and Physical NIC question
Replies
3
Views
292
DrB0b
DrB0b
DrB0b
  • Locked
  • Question
General Windows Server Datacenter/Standard Licensing Question
Replies
1
Views
198
DrB0b
DrB0b
Krus1972
  • Locked
  • Question
Web.Config URL Rewrite Question
Replies
0
Views
190
Krus1972
Krus1972
Shimness
  • Locked
  • Question
Hyper-V Server Build Questions
Replies
6
Views
384
technome
technome

Part and Inventory Search

Sponsor

Back
Top