Had a similar problem a long time back and after extended testing discovered that the linux distro I was using came with a torrent package installed by default; that combined with the fact that the ISP connection was giving me other IP addresses via DHCP that were previously being used by other folks who were into serious sharing publicly using the torrent packages.
ISP claimed the traffic was likely caused by others effectively abusing the use of the IP addresses when they were assigned to them and hence others continued to try using it after it was assigned to me as a new lease. Uninstalling all torrent related s/w seemed to help initially, Also the router I bought at the 'authorized official retailer' had the MS Whiteboard port 1720 open all the time as well as a lot of traffic from the retailer who sold the router trying to access the router/network for no known reason. Had set the router to email me when log was full and was getting two and three emails a day with blocked access attempts by the retailer. Immediately changed to new ISP and it dropped off then traffic seemed to rise up again slowly. Found new ISP w/l router hub came with port 0 and 1 only closed rather than stealthed, but the actual IP address assigned to the hub was different from the www IP address that I was assigned at any given time. This helped somewhat but in the end I changed ISP's again, uninstalled torrent software, and then closely monitored port traffic and stealthing using http://www.grc.com Shield's Up links to confirm stealth when on line. I used nmap inside the firewall to ensure individual w/s's were all stealthed except for req'd NFS , DHCP, NTP and network housekeeping service ports. I also killed all telnet & remote access svr services on all machines and use the grc.com reccomendation to port forwarding to non-existent internal network addresses if you can't close or completely stealth ports for things like whiteboard 1720 or irc 113. Most urban users don't get too worried because they get really inexpensive data traffic caps packages, aka 'unlimited'; however rural highspeed is effectively like your electricity meter when it comes to data traffic and anywhere you can reduce or eliminate traffic translates into $$ savings immediately, so paying attention to things like firewall traffic emails and excessive disk activity as a daily routine monitoring practise pays big dividends. Also if you use 'firestarter' as a w/s firewall, it has a couple of advanced options that cause a lot of network activity which are evident in disk light activity increases as well. The defaults on installing it are usually OK but if you tinker with the advanced settings the interprocessor traffic and disk activity will increase substantially. Good luck finding your causes. Cheers On 17/03/13 06:50, Paul Hayton wrote: > > Hi all, > > I’ve noticed a jump in my LAN activity and router traffic when I run > any of the modules such as RDAdmin, RDLibrary, RDLogedit, RDLogmanager > > I can see the ports on my switcher and router suddenly start to flash > all the time the moment I run any of these modules. > > It’s like something behind the scenes is constantly testing to see if > there is a network connection? > > The system has been compiled on an Ubuntu 12.04 LTS box. > > Any ideas what this behaviour may be, how to find out and stop it? > > I have noticed the Firefox browser often times out when I have this > sort of activity going on and it’s very frustrating. > > Cheers, Paul. > > > > _______________________________________________ > Rivendell-dev mailing list > [email protected] > http://lists.rivendellaudio.org/mailman/listinfo/rivendell-dev _______________________________________________ Rivendell-dev mailing list [email protected] http://lists.rivendellaudio.org/mailman/listinfo/rivendell-dev
