Results 1 to 6 of 6
  1. #1
    Master Untangler SirBC's Avatar
    Join Date
    May 2008
    Location
    San Carlos, CA
    Posts
    115

    Default Are my reports broken?

    I checked my monthly report for October this morning and was concerned to see that my Inbound Data Transfer for the month was 900 GBytes. There is no way that my office of myself and 2 other users should be generating this amount of inbound traffic. The other two users wouldn't know a torrent from a tree and I certainly don't use any P2P.

    I went back and looked at Sept. traffic and it looks similar, 725GB:



    I went and looked at the week of Sept. 15th to Sept 22. The weekly report said my inbound traffic was 310Gbytes. I then looked at each of the daily reports for that week. All except one looked similar to this:



    You can see that we typically have pretty light internet usage. However, for one of the days the report looked like this:



    This shows 296 GBytes for the day of Sept. 15th. What is odd about this is that the graph above doesn't seem to reflect this, does it? My DSL line maxes out at 3Mbps, so I don't think it is even possible that I could pull down 296Gbytes in a day. Also, when I look at the user reports for that day it shows a total of 88 MB traffic for the day:


    Is there something wrong with the reports, or am I missing something?

    - Dave

  2. #2
    Untangler nospoon's Avatar
    Join Date
    Oct 2008
    Location
    Adelaide, Australia
    Posts
    42

    Default

    Is it possible you have an open relay email server or a Trojan of some kind on one of your workstations?

  3. #3
    Master Untangler SirBC's Avatar
    Join Date
    May 2008
    Location
    San Carlos, CA
    Posts
    115

    Default

    I know I'm okay with my Exchange server. But yes, my concern is that this traffic is originating from an unknown source in my network. I do have AV on Untangle, my server and all workstations and none of them are reporting anything.

  4. #4
    Untangler nospoon's Avatar
    Join Date
    Oct 2008
    Location
    Adelaide, Australia
    Posts
    42

    Default

    AV progs are generally not so hot on Trojans and spyware. Perhaps try running something like Sypbot or MalwareBytes (both freeware).

    Also, have a look in your Attack Blocker, Intrusion Prevention and Firewall logs and look for a trail of evidence there.

    Finally, can you check with your ISP... to confirm the traffic is real? (I know, I'll go to hell for suggesting the UT logs might be telling porkies).

  5. #5
    mdh
    mdh is offline
    Untangle Ninja mdh's Avatar
    Join Date
    Aug 2007
    Posts
    4,752

    Default

    I think that if you compare your reports and look at traffic per day, sessions per day, and each day's traffic per session, you could probably conclude that its time to unload Untangle Reports out of the rack and re-download it. It is displaying a profound case of silliness.

  6. #6
    Master Untangler SirBC's Avatar
    Join Date
    May 2008
    Location
    San Carlos, CA
    Posts
    115

    Default

    Thanks Mike, that's what I was hoping to hear

    -Dave

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2