Are my reports broken?

**SirBC** · 11-02-2008, 10:50 AM

I checked my monthly report for October this morning and was concerned to see that my Inbound Data Transfer for the month was 900 GBytes. There is no way that my office of myself and 2 other users should be generating this amount of inbound traffic. The other two users wouldn't know a torrent from a tree and I certainly don't use any P2P.

I went back and looked at Sept. traffic and it looks similar, 725GB:

I went and looked at the week of Sept. 15th to Sept 22. The weekly report said my inbound traffic was 310Gbytes. I then looked at each of the daily reports for that week. All except one looked similar to this:

You can see that we typically have pretty light internet usage. However, for one of the days the report looked like this:

This shows 296 GBytes for the day of Sept. 15th. What is odd about this is that the graph above doesn't seem to reflect this, does it? My DSL line maxes out at 3Mbps, so I don't think it is even possible that I could pull down 296Gbytes in a day. Also, when I look at the user reports for that day it shows a total of 88 MB traffic for the day:

Is there something wrong with the reports, or am I missing something?

- Dave

**nospoon** · 11-03-2008, 05:00 AM

Is it possible you have an open relay email server or a Trojan of some kind on one of your workstations?

**SirBC** · 11-03-2008, 08:37 AM

I know I'm okay with my Exchange server. But yes, my concern is that this traffic is originating from an unknown source in my network. I do have AV on Untangle, my server and all workstations and none of them are reporting anything.

**nospoon** · 11-03-2008, 09:16 AM

AV progs are generally not so hot on Trojans and spyware. Perhaps try running something like Sypbot or MalwareBytes (both freeware).

Also, have a look in your Attack Blocker, Intrusion Prevention and Firewall logs and look for a trail of evidence there.

Finally, can you check with your ISP... to confirm the traffic is real? (I know, I'll go to hell for suggesting the UT logs might be telling porkies).

**mdh** · 11-03-2008, 12:35 PM

I think that if you compare your reports and look at traffic per day, sessions per day, and each day's traffic per session, you could probably conclude that its time to unload Untangle Reports out of the rack and re-download it. It is displaying a profound case of silliness.

**SirBC** · 11-03-2008, 03:01 PM

Thanks Mike, that's what I was hoping to hear

-Dave

Thread: Are my reports broken?

LinkBack

Thread Tools

Are my reports broken?

Posting Permissions