Is this the symptom of worm activities in a network?
Hi,
My problem is a little complicated. My network components are as follows:
Server: Windows NT Server 4.0
Clients: mixture of Windows XP, Windows 98, Mac OS X
AntiVirus: Symantec Corporate Edition 8.1 (constantly updated 3 times weekly)
Since last week, my office network seemed to get slower and slower with each passing day. It got worse and worse each day, so bad that even network printing seems to take ages. Internet connectivity is so slow it's frustrating.
Looking at my network switches I can see quite a lot of broadcasts going on in the network (based on the blinking lights). I checked with Ethereal and, indeed, there were a lot of ARP broadcasts going on (about 7-15% of the total data transactions). Problem was, the broadcasts were coming from random PCs in the office! I tried listing down the source IPs but found myself listing ALMOST ALL the IPs in the office.
Thinking it was the work of worms, viruses or spyware, I worked overnight and cleaned EVERY SINGLE PC in the office. I used updated versions of Stinger, Trendmicro free virus scanner, and Spybot Search & Destroy to carefully clean each PC. Sadly, even this does not seem to solve the issue. I still see ARP broadcasts and the network is STILL very slow.
Can someone PLEASE advise me what to do... I'm at my wits' end.
Comments
If you are using switches, this normally won't happen; however, if you have hubs, this can happen quite rapidly. The pain in the ass weekend job is to turn off all the machines and, one by one, turn them on and watch the activity to see if you can find the source. If you have one machine that is controlling the traffic between the inside/outside world, you should be able to log all the information and narrow it down. If the resource of the slowdown is because of internet traffic, see which IP(s) are being accessed and just block them.
Also, if you are using hubs and not switches, regardless of the network size you should go to switches; they are so cheap right now and are worth 10 times their price in the problems they can prevent.
There are unfortunately so many things that could be causing your problem that it's impossible to diagnose over a forum without more info. You're going to have to earn your bucks and start troubleshooting everything.
I will immediately get down to your advice...
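Added example, not part of the original thread: the "list the source IPs" step from the question, extended to also count how many distinct addresses each sender is asking for, since a host that ARPs for a large share of the subnet is trying to reach many local addresses while a host repeating the same few lookups is not. The frames, addresses and the `sweep_threshold` value are constructed for illustration; in practice the frames would come from the raw bytes of a capture.

```python
import struct
from collections import defaultdict

def build_arp_request(src_mac, src_ip, dst_ip):
    """Constructed sample data: an Ethernet broadcast frame with an ARP who-has."""
    eth = b"\xff" * 6 + src_mac + b"\x08\x06"
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)  # Ethernet/IPv4, opcode 1
    return eth + arp + src_mac + bytes(src_ip) + b"\x00" * 6 + bytes(dst_ip)

def parse_arp(frame):
    """Return (opcode, sender_ip, target_ip), or None if not IPv4-over-Ethernet ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sender_ip = ".".join(map(str, frame[28:32]))   # sender protocol address
    target_ip = ".".join(map(str, frame[38:42]))   # target protocol address
    return op, sender_ip, target_ip

def summarize(frames, sweep_threshold=20):
    """Per sender: ARP request count and number of distinct IPs asked for.
    sweep_threshold is an assumed cut-off; tune it to the subnet size."""
    counts, targets = defaultdict(int), defaultdict(set)
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed and parsed[0] == 1:              # requests only
            _, sender, target = parsed
            counts[sender] += 1
            targets[sender].add(target)
    return {ip: {"requests": counts[ip],
                 "distinct_targets": len(targets[ip]),
                 "sweeping": len(targets[ip]) >= sweep_threshold}
            for ip in counts}

def sample_capture():
    """Constructed capture: one ordinary workstation, one host walking the subnet."""
    frames = []
    mac_a, mac_b = bytes.fromhex("020000000010"), bytes.fromhex("020000000037")
    for _ in range(5):                             # repeated gateway/server lookups
        frames.append(build_arp_request(mac_a, (192, 168, 1, 10), (192, 168, 1, 1)))
        frames.append(build_arp_request(mac_a, (192, 168, 1, 10), (192, 168, 1, 2)))
    for last in range(1, 61):                      # asks for .1 through .60
        frames.append(build_arp_request(mac_b, (192, 168, 1, 55), (192, 168, 1, last)))
    frames.append(b"\x00" * 60)                    # non-ARP frame, skipped
    return frames

if __name__ == "__main__":
    for ip, row in sorted(summarize(sample_capture()).items()):
        print(ip, row)
```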