September 21st, 2005, 01:34 PM
I had exactly the same problem about 6 months ago...it was Windows update on this occasion....I disabled it in services and it stopped - hope that helps...
September 21st, 2005, 02:39 PM
I'd love to know what you wrote in this email. I really think this is the wrong approach to your problem. Its most likely legit traffic coming from them, that your client is requesting. The research should be done on that client machine.
Originally posted here by Gixxer
Thanks guys, I sent Mr. Noam Freedman and little email, lets see if I get a response. I'm going up to the user's machine now to ring his neck. First, I'm going to that segment to do a little sniffing. Once my "nose" gets full, I'll report back.
I'll keep you posted.
I can just imagine being a hosting company that hosts thousands of sites and getting an email about someones computer trying to contact my site. I would venture to guess you won't get a reply at all.
An email from you before you do any research is going to be taken as finger pointing.
September 21st, 2005, 03:41 PM
I think you took my post the wrong way, I don't know how that would have happened. Maybe it was the whole "ring his neck" thinkg. I didn't send a nasty email over to the hosting company. Below is the message that I sent and although I haven't received a response yet this time I have in the past. I could see your point if I was shooting off nasty emails to every top 5 hosting company on my reports but that's not the case. Once in a while when it is not clear what sort of traffic it is an email might get sent. I think if the approach is done correctly, it is a good way to find out more of where data is being sent.
Good afternoon, one of our internal hosts has consistently had a large amount of web traffic destined to 18.104.22.168. Which is an ip address that resides under your ownership ( 22.214.171.124 - 126.96.36.199 ). This user is usually one of the top talkers on the network. I was hoping you could shed some light onto what sort of target this ip address is and why users on our network would access it?
Thanks for your help,