I have to agree with Joe, that it doesn't sound like normal traffic.  You
really should look much more closely at the traffic being sent to see why
and what it actually is.


Al 

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jacob Walker
Sent: Wednesday, December 08, 2004 7:57 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Unusual network traffic to DC's

Yes, over 500 GIG and sometimes approaching a terabyte.  I'm afraid I only
know what the networking professional sent.  He was monitoring the traffic
to and from two AD DC's.  From the graph he sent, it appears he is using a
product called NetworkVantage?  It has graphed data for 5 categories:  Ping,
Kerberos, SMB, Active Directory Servic, and Lightweight Dir Access.

>From: "joe" <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: <[EMAIL PROTECTED]>
>Subject: RE: [ActiveDir] Unusual network traffic to DC's
>Date: Tue, 7 Dec 2004 19:01:37 -0500
>
>Hundreds of GIG?
>
>When you say ping do you mean ECHO's or LDAP Pings?
>
>What are the sources?
>
>This sounds like virus traffic if anything to me if you truly have even 
>half or a quarter that much volume.
>
>   joe
>
>
>-----Original Message-----
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED] On Behalf Of Jeff Salisbury
>Sent: Tuesday, December 07, 2004 4:35 PM
>To: [EMAIL PROTECTED]
>Subject: RE: [ActiveDir] Unusual network traffic to DC's
>
>I believe you are seeing the link speed detection traffic. Check out KB 
>article 227260 (http://support.microsoft.com/?id=227260).
>
>Jeff
>
>
>Jeff Salisbury
>Network Infrastructure and Security Manager
>
>Belkin Corporation
>Information Services
>310 604-2061
>310 604-2022 fax
>www.belkin.com
>
>
>-----Original Message-----
>From: Jacob Walker [mailto:[EMAIL PROTECTED]
>Sent: Tuesday, December 07, 2004 1:13 PM
>To: [EMAIL PROTECTED]
>Subject: [ActiveDir] Unusual network traffic to DC's
>
>One of the networking professionals within our company says he is 
>seeing hundreds of gigs of ping network traffic every day to and from 
>the domain controller.  Why would we see all of this ping traffic to 
>and from the DC's?  Any ideas?
>
>
>List info   : http://www.activedir.org/mail_list.htm
>List FAQ    : http://www.activedir.org/list_faq.htm
>List archive: 
>http://www.mail-archive.com/activedir%40mail.activedir.org/
>

